Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the…
Over 23 Million Victims Hit by Data Breaches in Q3
The number of US corporate data breaches and downstream victims appeared to slow in the third quarter of the year, according to new data from…
CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in…
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow…
Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns
Senior executives must do better to prepare for almost inevitable future cyber-attacks and cannot rely on government alone for protection, the…
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain — CVE-2025-11577 — after researchers…
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous…
Critical Vulnerability CVE-2025-61884 Found in Oracle E-Business Suite
Oracle E-Business Suite (EBS) — a cornerstone ERP platform for countless enterprises across the globe — faces a critical security…
China Launches Antitrust Probe into Qualcomm Over Autotalks Acquisition Failure to File Declaration
China’s State Administration for Market Regulation (SAMR) recently announced the launch of an antitrust investigation into U.S.…
Cyber-Attack Contributes to Huge Sales Drop at JLR
Jaguar Land Rover (JLR) has revealed a 25% drop in volume sales in the three months up to September 30, largely as a result of the ongoing…
Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances
Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua…
Renault Informs Customers of Supply Chain Data Breach
Carmaker Renault has been forced to notify an unspecified number of customers that their personal data may have been compromised by threat…
How Can IT Security Professionals Best Navigate the CMMC Maze?
For companies still treating the Cybersecurity Maturity Model Certification (CMMC) as an IT-only concern, the risks are growing. Developed by…
Clop Ransomware Targets Oracle E-Business Suite: Extortion Wave Hits Global Enterprises
A new wave of extortion attacks linked to the Clop ransomware group has recently shaken organizations using Oracle E-Business Suite (EBS),…
Revolutionizing Third Party Risk Management: The Future with Autonomous Pen-Testing
In today’s interconnected digital landscape, businesses are more dependent than ever on third-party vendors and partners. While these…
Japan’s Beer Taps Fear Running Dry as Cyberattack on Asahi Disrupts Production
Japan’s largest brewery, Asahi Group Holdings, is racing against time as it struggles to recover from a cyberattack that has severely…
Expired US Cyber Law Puts Data Sharing and Threat Response at Risk
A critical US law that shields companies from legal liability when sharing cyber threat intelligence has expired after lawmakers failed to…
Achieving Crypto Agility Through eFPGA: A Prerequisite for Secure ASIC and SoC Designs
In an era where digital threats evolve daily and quantum computing looms on the horizon, the need for true crypto agility has never been more…
Asahi Suspends Operations in Japan After Cyber-Attack
Brewing giant Asahi has suspended operations in Japan following a “system failure” caused by a cyber-attack. The firm, which is headquartered…
National Cyber Authorities Launch OT Security Guidance
National cybersecurity agencies from seven countries, including the Five Eyes nations, have released new operational technology (OT) security…
Harrods Reveals Supply Chain Breach Impacting Online Customers
Luxury London department store Harrods has revealed that some of its e-commerce customers have had their personal information stolen via a…
2025 Ransomware Trends: How Australia’s Wealth Makes It a Prime Target
Australia’s strong economy and high per-capita wealth have made it a prime target for ransomware groups, with the country facing a…
JLR Begins Phased Restart of Operations After Cyber-Attack
Jaguar Land Rover (JLR) has begun a phased restart of operations following the devastating cyber-attack which curtailed production activities…
When Airports Go Dark: What The Weekend’s Cyber-attacks Tell Us About Business Risk
Varun Uppal, founder and CEO of Shinobi Security Over the weekend, airports across Europe were thrown into chaos after a cyber-attack on one…
Experts Warn of Global Breach Risk from Indian Suppliers
Global supply chains could be at risk after a new report revealed a surprisingly high share of Indian vendors have suffered a third-party…
NCA Arrest Man as HardBit Ransomware Blamed for Airport Outages
British investigators have arrested a man in connection with a suspected ransomware attack which continues to cause flight delays across…
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero…
npm Package Uses QR Code Steganography to Steal Credentials
A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part…
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could…
Jaguar Land Rover Extends Production Pause Again
The UK’s largest carmaker has announced a further delay to restarting production after suffering a major cyber-attack earlier this month.…
BlockBlasters: When a Steam Game Turns Into a Malware Delivery Vehicle
What began as a promising indie platformer has turned into one of the most alarming cases of malware-laced games on Steam in 2025. According…
Airport Chaos Enters Third Day After Supply Chain Attack
A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European…
The iPhone Fold is Coming: Apple’s 2026 Strategy Revealed
According to a report by Nikkei Asia, Apple has recently informed its supply chain partners that shipments of the iPhone 18 series, slated for…
Why Outdated Corporate Networks Are Analogous to the Aging U.S. Highway System
“Necessity is the mother of invention” has never been more fitting—whether you’re talking about America’s…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed it will extend its production pause until at least September 24 following a cyber-attack earlier this…
Preparing for the EU’s DORA amidst Technical Controls Ambiguity
The financial sector is bracing for a significant shift in its digital landscape as the EU’s Digital Operational Resilience Act (DORA)…
LNER Reveals Supply Chain Attack Compromised Customer Information
The operator of one of the UK’s busiest rail lines has admitted that an unauthorized third party has accessed customer details via a supplier.…
Datadog guide to Hacker Summer Camp 2025
Every year in early August, conferences in Las Vegas, Nevada, serve as a gathering of security professionals in a single place. This time of…