Malicious actors have deployed typosquatted npm packages mimicking popular JavaScript libraries to steal sensitive developer credentials, including cloud provider tokens, CI/CD secrets, and environment variables. These packages contain obfuscated code that exfiltrates data to attacker-controlled ser
AI models like Claude Mythos are finding hundreds of software vulnerabilities in days. The same tech will soon expose loopholes in tax codes and regulations everywhere.
Russian state hackers Turla transformed their Kazuar backdoor into a stealthy P2P botnet for persistent access. FSB-linked group ups their game with modular malware.
A sophisticated supply chain attack compromised multiple @antv npm packages with Mini Shai-Hulud malware, specifically designed to steal CI/CD credentials from automated build systems. The malicious code targets environment variables containing sensitive tokens during package installation, affecting
New Linux kernel flaw “Fragnesia” gives attackers instant root access. Public exploit code already available. Patch now before threat actors weaponize it.
Recent research presented at LABScon25 reveals that major cybersecurity breaches create predictable market patterns that sophisticated traders are already exploiting. This “breach alpha” phenomenon shows that companies experiencing significant cyber incidents follow consistent stock price trajectori
Europol and international partners dismantled First VPN, a service widely used by ransomware gangs, seizing 33 servers and arresting its alleged administrator. The operation, codenamed Saffron, also exposed thousands of users whose data is now in the hands of investigators across 16 countries.
India’s Computer Emergency Response Team (CERT-In) has issued a directive requiring organizations to patch critical vulnerabilities in internet-facing systems within 12 hours of notification. This aggressive timeline responds to the accelerating threat landscape where AI-assisted attacks are weaponi
Microsoft accused of secretly patching Azure vulnerability after rejecting researcher’s report—no CVE issued. Company denies changes despite documented fix.
Threat actors conducted an aggressive reconnaissance campaign against SonicWall firewall interfaces, generating over 597,000 scanning sessions within a nine-day period. This massive scanning operation targeted publicly exposed SonicWall management interfaces, likely seeking vulnerable devices for ex