The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of… Read More »CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code. It said it “recently identified” the compromise of its… Read More »Trellix Confirms Source Code Breach With Unauthorized Repository Access
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts. The activity has… Read More »30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO.… Read More »China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.… Read More »Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in… Read More »Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs… Read More »Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH… Read More »Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido… Read More »PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools… Read More »ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories