Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps… Read More »Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A… Read More »Dawn of the Apex Agentic Adversary
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury… Read More »DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The… Read More »Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally.… Read More »FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31,… Read More »Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.… Read More »Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious… Read More »GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The… Read More »Agentic AI: The Weapon That No Longer Needs a Warrior
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below – aes-decode-runner-pro… Read More »Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT