AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

AndyC 27 May 2026

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack Pierluigi Paganini May 26, 2026 Attackers have poisoned four...

Read More

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers

AndyC 27 May 2026

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers Pierluigi Paganini May 26, 2026 Nimbus Manticore accelerated cyberattacks...

Read More

Lazarus APT unveils fileless remote access Trojan designed to evade detection

Lazarus APT unveils fileless remote access Trojan designed to evade detection

AndyC 27 May 2026

Lazarus APT unveils fileless remote access Trojan designed to evade detection Pierluigi Paganini May 26, 2026 North Korea-linked Lazarus APT...

Read More

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

AndyC 27 May 2026

The Hacker NewsMay 26, 2026Web Security / Artificial Intelligence Every single day, hackers are finding new ways to crash websites...

Read More

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

AndyC 27 May 2026

Ravie LakshmananMay 26, 2026Vulnerability / Enterprise Security Microsoft has rolled out updates to fix a remote code execution vulnerability impacting...

Read More

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

AndyC 27 May 2026

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker...

Read More

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

AndyC 27 May 2026

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed...

Read More

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

AndyC 27 May 2026

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh...

Read More

Third-Party Cyberattack Impacts Patient Information at The Oncology Institute

Third-Party Cyberattack Impacts Patient Information at The Oncology Institute

AndyC 26 May 2026

Third-Party Cyberattack Impacts Patient Information at The Oncology Institute Pierluigi Paganini May 26, 2026 The Oncology Institute disclosed a data...

Read More

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

AndyC 26 May 2026

Ravie LakshmananMay 26, 2026Vulnerability / Threat Intelligence A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System...

Read More

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

AndyC 26 May 2026

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites Pierluigi Paganini May 25, 2026 Threat actors are...

Read More

Google adds open source Agent Executor to support AI agents in production

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

AndyC 26 May 2026

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks Pierluigi Paganini May 25, 2026 A hacker is selling a 340M-strong OnlyFans-linked...

Read More

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

AndyC 26 May 2026

Ravie LakshmananMay 25, 2026Cybersecurity / Hacking Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old...

Read More

Hacker Lists 340M OnlyFans User Records for Sale

Hacker Lists 340M OnlyFans User Records for Sale

AndyC 26 May 2026

OnlyFans users may be facing one of the largest identity-exposure scares yet tied to the platform. Hackread found a hacker...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and...

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

BTMOB: A stealthy RAT burrowing deep into Android devices

AndyC 27 May 2026

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026 • ,...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

The quest for greater tech independence

The quest for greater tech independence

AndyC 26 May 2026

The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence...

Read More

The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.

The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.

AndyC 28 May 2026

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

AndyC 28 May 2026

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

AndyC 28 May 2026

The Next AI Security Failure May Start With a Trusted Assistant

The Next AI Security Failure May Start With a Trusted Assistant

AndyC 28 May 2026

7-Eleven Breach: Hackers Claim 600,000 Records Stolen

7-Eleven Breach: Hackers Claim 600,000 Records Stolen

AndyC 28 May 2026