Your blog category
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data,… Read More »Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360:… Read More »Manual Processes Are Putting National Security at Risk
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated… Read More »SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to… Read More »Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The… Read More »CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven… Read More »RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible… Read More »UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a… Read More »Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being… Read More »Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks… Read More »UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors