Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating…
Unofficial Postmark MCP npm silently stole users' emails
A npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented…
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week's Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The…
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and…
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by…
ShadowV2: How a New DDoS Botnet Mimics Cloud-Native Apps
The login UI | Image: Darktrace Researchers at Darktrace have identified a sophisticated new campaign that merges traditional malware…
ShadowV2 Botnet Exposes Rise of DDoS-as-a-service Platforms
A new campaign that combines traditional malware with modern DevOps tooling has been observed by cybersecurity analysts. The ShadowV2 DDoS…
Google warns China-linked spies lurking in 'numerous' enterprises since March
Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the…
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026…
GitHub tightens npm security with mandatory 2FA, access tokens
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently.…
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of…
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service…
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent…
Review: Practical Purple Teaming
Practical Purple Teaming is a guide to building stronger collaboration between offensive and defensive security teams. The book focuses on how…
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented…
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that…
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak…
WannaCry Ransomware: A DFIR & SOC Monitoring Lab Walkthrough
Hello fellow defenders, I hope you are having a great day. In this article, I’m going to show you how you can make a cybersecurity home…
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September,…
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to…
From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published
Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s Enhanced…
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute…
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk
The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide.…
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’…
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two…
New HybridPetya ransomware can bypass UEFI Secure Boot
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on…
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a…
CISA Launches Roadmap for the CVE Program
In a new document, the US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its support for the Common Vulnerabilities and…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
CVE-2025-58063: CoreDNS Vulnerability Could Disrupt DNS Updates
Ddos September 11, 2025 The CoreDNS project has disclosed a vulnerability in its etcd plugin, tracked as CVE-2025-58063 (CVSS 7.1), which…