GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain attacks targeting the… Read More »GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and… Read More »BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The… Read More »ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old,… Read More »⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them.… Read More »How to Gain Control of AI Agents and Non-Human Identities
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked… Read More »Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
Threat actors with ties to the Democratic People’s Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and… Read More »DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language Model (LLM) capabilities. The malware has been… Read More »Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. “In the case of… Read More »LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without… Read More »ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent