Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The lis…
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
A sophisticated malvertising campaign which sought to deploy a variant of Atomic macOS Stealer (AMOS) has targeted hundreds of…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
Empowering The Soc: Stop Detecting Potential Threats, Start Signaling Real Attacks
The cybersecurity landscape is constantly evolving, and security operations centers (SOCs) are feeling the pressure to stay ahead of…
Don’t Wait Too Long to Patch: How Organizations Can Stay Ahead of Zero-Day Exploits
Among the variety of cyber-attacks that we witness happening around us, Zero-day attacks are remarkably insidious in nature. Due to the fact…
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Software running Palo Alto…
Cybercriminal Linked to Notorious Scattered Spider Gang Gets 10-Year Sentence
A young Florida-based man has been sentenced to 10 years in prison after pleading guilty to federal charges linked to cybercrime, including…
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Threat actors are abusing virtual private servers (VPS) to compromise software-as-a-service (SaaS) accounts, according to an investigation by…
Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests
A large-scale law enforcement operation coordinated by Interpol has taken down a 1000-person cybercriminal network and recovered $97.4m in…
CISA Seeks Biden Era's SBOM Minimum Requirements Guideline Change
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a request for comment on an updated version of a government…
Chinese Developer Jailed for Deploying Malicious Code at US Company
A Chinese software developer has been sentenced after being convicted of causing intentional damage to protected computers by deploying…
How Secure Is the Software Supply Chain? Less Secure Than You Might Think.
Software is the invisible infrastructure of our world, powering everything from critical systems to everyday devices. But its ubiquity makes…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
Why Enterprises Need Preemptive Cybersecurity to Combat Modern Phishing
Phishing isn’t what it used to be. It’s no longer fake emails with bad grammar and sketchy links. With AI, modern phishing attacks…
How Dealerships Can Protect Their Customers’ Financial Data
Dealerships handle sensitive information, such as credit applications and personal financial records, daily. A data breach can lead to…
Vegas, Vulnerabilities, and Voices: Black Hat and Squadcon 2025
The week of August 4th, I had the opportunity to attend two exciting conferences in the cybersecurity world: Black Hat USA 2025 and Squadcon…
How to Develop a Business Continuity Plan for Cyber Security: A Step-by-Step Guide
The figures are appalling – 60% of small businesses fail within six months of a cyber-attack. Cyber attackers are all around us, and…
Cyber Security Simulation Training Mistakes That CISOs Must Avoid
Your team’s ability to identify phishing attempts in their inboxes has the potential to make or break your entire security posture,…
Healthcare Organizations at Risk: Managing Human Vulnerability in Cybersecurity
The battle against cybercrime continues to be a significant topic for organizations across all industries, however the threat to the health…
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating…
Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks,…
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based…
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active…
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are…
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked…
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. New research…
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip,…
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line. EdFinancial and the Oklahoma Student Loan Authority…
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Targeted attacks on Twilio and…
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s…
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior…
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to…
Why Your Security Culture is Critical to Mitigating Cyber Risk
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and…
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have…
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of…
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access…
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and…
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service…
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern…
From Impact to Action: Turning BIA Insights Into Resilient Recovery
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number…