Apple CarPlay Exploited To Gain Root Access By Executing Remote Code
At the recent DefCon security conference, researchers demonstrated a critical exploit chain that allows attackers to gain root access on…
Cursor Autorun Flaw Lets Repositories Execute Code Without Consent
A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, even without a…
Malicious npm Code Reached 10% of Cloud Environments
Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
Open Source Community Thwarts Massive npm Supply Chain Attack
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8,…
How Leading CISOs are Getting Budget Approval
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader,…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a…
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned…
Wealthsimple Confirms Data Breach After Supply Chain Attack
Canadian fintech firm Wealthsimple has confirmed a data breach that exposed sensitive customer information. The incident, detected on August…
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than…
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Security experts have warned SAP S/4HANA cloud customers that a critical code injection vulnerability patched by the vendor in August is being…
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet…
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum…
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Salesloft on Tuesday announced that it’s taking Drift temporarily offline “in the very near future,” as multiple companies…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update,…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
A threat actor released malicious updates on the npm package repository for components of a tool popular among developers intending to steal…
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to…
TransUnion Data Breach Impacts 4.5 Million US Customers
Credit rating giant TransUnion has suffered a data breach, which has impacted the personal information of nearly 4.5 million Americans. The…
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of…
Passwordstate dev urges users to patch auth bypass vulnerability
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity…
Malicious VS Code Extensions Exploit Name Reuse Loophole
A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model…
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the…
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens…
Why zero trust is never 'done' and is an ever-evolving process
Picture this scenario: Six months after celebrating their “zero trust transformation,” a financial services firm gets hit with a…
CISA Strengthens Software Procurement Security With New Tool
A new Software Acquisition Guide: Supplier Response Web Tool has been released by the US Cybersecurity and Infrastructure Security Agency…
Innovator Spotlight: CSide
August 27, 2025 Securing the Browser’s Blind Spot By Victoria Hargrove, CDM Reporter What CSide Does Most security stacks fortify…
CMMC 2.0 Final Rule Released – Get Prepared Now!
In a significant step to secure the defense industrial base (DIB), the Department of Defense (DoD) has officially released the…
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical…
Securing the AI Revolution: Introducing Cloudflare MCP Server Portals
2025-08-26 6 min read Securing the AI Revolution: Introducing Cloudflare MCP Server Portals Large Language Models (LLMs) are rapidly evolving…
CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks
CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
CISA Seeks Biden Era's SBOM Minimum Requirements Guideline Change
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a request for comment on an updated version of a government…
How Secure Is the Software Supply Chain? Less Secure Than You Might Think.
Software is the invisible infrastructure of our world, powering everything from critical systems to everyday devices. But its ubiquity makes…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Targeted attacks on Twilio and…
From Impact to Action: Turning BIA Insights Into Resilient Recovery
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to…