Cybersecurity
-
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
Source: BleepingComputer
In a significant cybersecurity incident, attackers compromised a maintainer’s account and injected malware into NPM packages that collectively have over…
-
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
Source: BleepingComputer
Salesloft reported that attackers breached its GitHub account in March, resulting in the theft of OAuth tokens. These tokens were…
-
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Source: The Hacker News
Salesloft has disclosed that a security breach linked to its Drift application was initiated through the compromise of its GitHub…
-
Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report
Source: SecurityWeek
Chinese cyber espionage group APT41 used a false identity to send malware-laden emails on behalf of US Rep. John Moolenaar…
-
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Source: The Hacker News
Cybersecurity researchers have identified a sophisticated malware campaign that utilizes paid Google ads to distribute malware to users searching for…
-
Secrets at Risk: How Misconfigurations and Mistakes Expose Critical Credentials
Source: Tenable Research
A report highlights the alarming rates at which organizations expose sensitive credentials, termed secrets, in cloud environments. This mismanagement can…
-
PromptLock Only PoC, but AI-Powered Ransomware Is Real
Source: SecurityWeek
PromptLock, a prototype of AI-driven ransomware, has raised alarms as hackers start to utilize AI for file encryption and extortion.…
-
This “insidious” police tech claims to predict crime (Lock and Code S06E18)
Source: Malwarebytes
The Lock and Code podcast discusses the implications of predictive policing with Emily Galvin-Almanza. This technology claims to forecast crime…
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Source: Tenable Research
The Tenable Exposure Management Academy has shared key insights on moving from vulnerability management to proactive exposure management. This shift…
-
The Critical Failure in Vulnerability Management
Source: Dark Reading
Organizations are increasingly seeking help to address critical vulnerabilities in their systems. The adoption of automated solutions for network device…








