Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome...
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million...
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8...
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm...
As in past incidents, ESA says the impact was limited to external systems The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact...
We are introducing Zero Code Criticals and Zero Time to Respond clubs to give every team a clear north star for secure development and rapid response
Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In...
Government staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial...
The United States’ plan for dealing with Putin’s Russia and Xi’s China remains ill-defined among a shifting global order. That must change.
Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been growing at twice their long-term rate. Over...
Funds in ‘Money Safe’ accounts are only available when customers appear for face-to-face verification Hong Kong’s banks have a new weapon against scams: Accounts that require customers to visit a...
Pair became ALPHV affiliates to prey on US-based clients A ransomware negotiator and a security incident response manager have admitted to running ransomware attacks.…
Zohran Mamdani appears not to understand that smartphones can be used for evil New York’s mayor-elect Zohran Mamdani has invited the city’s residents to join him at a block party to celebrate his...
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote...
You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you? A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas...
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos...
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail"...
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This...
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected...
A backstage pass to the moments that defined our 2025 cybersecurity tour
Outpacing React2Shell using pre-breach alerts from Wiz ASM to eliminate exploitable risk before attackers find them
Eric T. Berkman reports: A software company could not face “downstream” liability for a data breach that resulted in an end-user having to settle a class action suit, the 1st U.S. Circuit Court of...
Jonathan Greig reports: U.S. and Australian cyber agencies confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday and is impacting data storage systems from...
Suzanne Smalley reports: France’s data protection regulator has fined the software company Nexpublica France €1.7 million ($2 million) for poor cybersecurity practices in the wake of a data...
Anna Isaac reports: They call it “stopping the bleeding”: the vital window to prevent an entire database from being ransacked by criminals or a production line grinding to a halt. When a call...
Scammers are generating images of broken merchandise in order to apply for refunds.
They call it “stopping the bleeding”: the vital window to prevent an entire database from being ransacked by criminals or a production line grinding to a halt. When a call comes into the...
One cert, in plaintext, on thousands of devices, led to what looks like years of crime South Korea’s Ministry of Science and ICT has found that local carrier Korea Telecom (KT) deployed thousands...
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them. The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.