20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Sep 09, 2025Ravie LakshmananCryptocurrency / Software Security Multiple npm packages have been compromised as part of a software supply chain...
Hacking
Category Added in a WPeMatico Campaign
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Sep 09, 2025Ravie LakshmananCyber Espionage / Telecom Security Threat hunters have discovered a set of previously unreported domains, some going...
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Sep 08, 2025Ravie LakshmananSupply Chain Attack / API Security Salesloft has revealed that the data breach linked to its Drift...
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Sep 08, 2025Ravie LakshmananMalvertising / Encryption Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on...
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT...
You Didn’t Get Phished — You Onboarded the Attacker
When Attackers Get Hired: Today's New Identity Crisis What if the star engineer you just hired isn't actually an employee,...
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector...
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
Sep 06, 2025Ravie LakshmananSoftware Security / Cryptocurrency A new set of four malicious packages have been discovered in the npm...
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the...
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known...
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software,...
Automation Is Redefining Pentest Delivery
Sep 05, 2025The Hacker NewsPentesting / Security Operations Pentesting remains one of the most effective ways to identify real-world security...
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Sep 05, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics...
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
Sep 04, 2025Ravie LakshmananCybersecurity / Malware The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new...
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
Sep 04, 2025Ravie LakshmananCybersecurity / Malware The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new...
