Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido...
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security
Microsoft readies the axe once again for yesterday's security
AL26-008 - Vulnerability affecting cPanel and WebHost Manager (WHM) - CVE-2026-41940
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The...
ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers...
Citizen Lab director Ron Deibert recently spoke on All Things Considered about the Lab’s new investigation of Webloc, a geolocation surveillance system. The post A New Study Shows How Ad-Based...
Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive...
A group of 25 rights and privacy organizations and experts delivered an open letter to Parliament calling for the full withdrawal of Bill C-22. The post Kill Bill C-22: Says Civil Society to...
There is no 6 Nimmt! champion, but a $12 domain registration and one Wikipedia edit convinced several bots there was
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]
Microsoft readies the axe once again for yesterday's security Microsoft has warned users still clinging to legacy TLS versions that the end is nigh for TLS 1.0 and 1.1 on POP3 and IMAP4...
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. [...]
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough
SonicWall security advisory (AV26-405)
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just...
cPanel security advisory (AV26-404)
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks:...
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. [...]
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses...
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem...
Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award
Jenkins security advisory (AV26-403)
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited...
Internet of Things (IoT) systems in hospitality environments are often overlooked as harmless amenities, but in reality, they can operate within highly interconnected networks, turning them into...
This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input. The post A Practical Guide to BloodHound...
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain