Your blog category
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among… Read More »Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. “Attackers hijacked the links through… Read More »Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects… Read More »Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat… Read More »CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed… Read More »Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability,… Read More »Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation… Read More »WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single… Read More »New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses… Read More »AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human… Read More »Non-Human Identities: How to Address the Expanding Security Risk