Why Outdated Corporate Networks Are Analogous to the Aging U.S. Highway System
“Necessity is the mother of invention” has never been more fitting—whether you’re talking about America’s…
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September,…
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to…
SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift
SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from numerous companies…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious…
Digital Transformation Failures: A National Security Crisis in the Making
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business…
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed it will extend its production pause until at least September 24 following a cyber-attack earlier this…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages…
Preparing for the EU’s DORA amidst Technical Controls Ambiguity
The financial sector is bracing for a significant shift in its digital landscape as the EU’s Digital Operational Resilience Act (DORA)…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its…
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a…
12 Ways to Protect Your Business from Hackers During Remote Work
Michelle MooreUniversity of San Diego’sSeptember 11, 2025 Remote work is here to stay, with nearly a quarter of the U.S. workforce (22%)…
LNER Reveals Supply Chain Attack Compromised Customer Information
The operator of one of the UK’s busiest rail lines has admitted that an unauthorized third party has accessed customer details via a supplier.…
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but…
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as…
KillSec Ransomware Hits Brazilian Healthcare IT Vendor
A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil’s healthcare sector. On…
Can I have a new password, please? The $400M question.
Back in August 2023, attackers tied to the Scattered Spider group didn’t exploit a zero-day vulnerability to
Apple CarPlay Exploited To Gain Root Access By Executing Remote Code
At the recent DefCon security conference, researchers demonstrated a critical exploit chain that allows attackers to gain root access on…
Cursor Autorun Flaw Lets Repositories Execute Code Without Consent
A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, even without a…
Malicious npm Code Reached 10% of Cloud Environments
Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
Open Source Community Thwarts Massive npm Supply Chain Attack
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8,…
How Leading CISOs are Getting Budget Approval
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader,…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a…
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned…
Wealthsimple Confirms Data Breach After Supply Chain Attack
Canadian fintech firm Wealthsimple has confirmed a data breach that exposed sensitive customer information. The incident, detected on August…
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than…
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Security experts have warned SAP S/4HANA cloud customers that a critical code injection vulnerability patched by the vendor in August is being…
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet…
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum…
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Salesloft on Tuesday announced that it’s taking Drift temporarily offline “in the very near future,” as multiple companies…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update,…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
A threat actor released malicious updates on the npm package repository for components of a tool popular among developers intending to steal…
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to…
TransUnion Data Breach Impacts 4.5 Million US Customers
Credit rating giant TransUnion has suffered a data breach, which has impacted the personal information of nearly 4.5 million Americans. The…
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of…
Passwordstate dev urges users to patch auth bypass vulnerability
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity…