Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via… Read More »Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are… Read More »Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS… Read More »VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation… Read More »CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming… Read More »Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses.… Read More »THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring… Read More »Guide: The Ultimate Pentest Checklist for Full-Stack Security
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. “The vulnerabilities range in severity: in many… Read More »Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials.… Read More »Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for… Read More »Acronym Overdose – Navigating the Complex Data Security Landscape