New Shai-Hulud Worm Spells Trouble For npm Users
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows
Information Security Magazine
Flaws Expose Risks in Fluent Bit Logging Agent
1 week 3 days ago
Critical flaws in Fluent Bit threaten telemetry across platforms according to an advisory published by Oligo Security researchers
Russian-linked Malware Campaign Hides in Blender 3D Files
1 week 3 days ago
Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain
CISA Urges Patch of Actively Exploited Flaw in Oracle Identity Manager
1 week 3 days ago
The US cybersecurity agency has added the critical flaw to its Known Exploited Vulnerabilities list
Iberia Airlines Notifies Customers of Supply Chain Data Breach
1 week 3 days ago
Spanish airline Iberia has begun emailing its customers about a supplier data breach
MoD Launches World’s First Military Gaming Tournament
1 week 3 days ago
The International Defence Esports Games (IDEG) will help sharpen cyber and battlefield skills for allied soldiers
Cybercriminals Exploit Browser Push Notifications to Deliver Malware
1 week 6 days ago
Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware
New Gainsight Supply Chain Hack Could Affect Salesforce Customers
1 week 6 days ago
Salesforce believes there has been unauthorized access to its customers’ data through the Gainsight app’s connection to its platform
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation
2 weeks ago
A multi-year ATM fraud campaign by UNC2891 targeted two Indonesian banks, cloning cards, recruiting money mules and coordinating cash withdrawals
CISA Issues New Guidance on Bulletproof Hosting Threat
2 weeks ago
CISA launches guide to combat cybercrime via bulletproof hosting, recommending measures for ISPs
Supply Chain Breaches Impact Almost All Firms Globally, BlueVoyant Reveals
2 weeks ago
Despite a growing maturity of third-party risk management programs, supply chain attacks impacted more organizations in 2025 than in previous years
Gartner: 40% of Firms to Be Hit By Shadow AI Security Incidents
2 weeks ago
Gartner predicts that two-fifths of organizations will suffer security and compliance incidents due to shadow AI by 2030
UK, US and Australia Sanction Russian Bulletproof Hoster Media Land
2 weeks ago
Allies sanction bulletproof hoster Media Land and four executives
Europol Operation Disrupts $55m in Cryptocurrency For Piracy
2 weeks 1 day ago
Europe-wide Cyber-Patrol Week targeted IP violations, flagging 69 sites and disrupting $55m in crypto services
Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime
2 weeks 1 day ago
Trustwave SpiderLabs has observed new banking Trojan Eternidade Stealer targeting Brazil using WhatsApp for propagation and data theft
PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns
2 weeks 1 day ago
The cyber espionage group uses a previously undocumented network implant to drop two downloaders, LittleDaemon and DaemonLogistics, which deliver a backdoor
China-Linked Operation “WrtHug” Hijacks Thousands of ASUS Routers
2 weeks 1 day ago
SecurityScorecard has revealed a new Chinese campaign targeting thousands of ASUS routers globally
Half of Ransomware Access Due to Hijacked VPN Credentials
2 weeks 1 day ago
Beazley Security data finds the top cause of initial access for ransomware in Q3 was compromised VPN credentials
CISA 2015 Receives Extension, Offering Brief Relief for Cyber Information Sharing
2 weeks 2 days ago
One US cybersecurity leader described the short-term extension of the Cybersecurity Information Sharing Act as a “temporary patch” and called for a long-term solution
New npm Malware Campaign Redirects Victims to Crypto Sites
2 weeks 2 days ago
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
Checked
6 hours 24 minutes ago