Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen… Read More »Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an… Read More »Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis… Read More »The Identities Behind AI Agents: A Deep Dive Into AI & NHI
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific… Read More »PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the… Read More »Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine… Read More »AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing… Read More »Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which… Read More »Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB.… Read More »New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation… Read More »CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks