40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute…
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk
The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide.…
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’…
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two…
New HybridPetya ransomware can bypass UEFI Secure Boot
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on…
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a…
CISA Launches Roadmap for the CVE Program
In a new document, the US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its support for the Common Vulnerabilities and…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
CVE-2025-58063: CoreDNS Vulnerability Could Disrupt DNS Updates
Ddos September 11, 2025 The CoreDNS project has disclosed a vulnerability in its etcd plugin, tracked as CVE-2025-58063 (CVSS 7.1), which…
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware
Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations.…
Open Source Community Thwarts Massive npm Supply Chain Attack
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8,…
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account,…
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned…
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than…
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan…
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum…
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update,…
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka…
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors…
Microsoft to enforce MFA for Azure resource management in October
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure…
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
A threat actor released malicious updates on the npm package repository for components of a tool popular among developers intending to steal…
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the…
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two…
Someone Created First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.…
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May…
PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)
A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability…
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow…
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay…
CISA warns of actively exploited Git code execution flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the…
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan has surfaced, showcasing one of the most extensive feature sets ever recorded for mobile…
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
A sophisticated malvertising campaign which sought to deploy a variant of Atomic macOS Stealer (AMOS) has targeted hundreds of…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern…
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior…