2026Supply

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

AndyC 3 March 2026

Ravie LakshmananMar 02, 2026Supply Chain Attack / Malware Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview...

Read More

npm’s Update to Harden Their Supply Chain, and Points to Consider

npm’s Update to Harden Their Supply Chain, and Points to Consider

AndyC 14 February 2026

The Hacker NewsFeb 13, 2026Supply Chain Security / DevSecOps In December 2025, in response to the Sha1-Hulud incident, npm completed...

Read More

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

AndyC 5 February 2026

Ravie LakshmananFeb 04, 2026Supply Chain Security / Secure Coding The Eclipse Foundation, which maintains the Open VSX Registry, has announced...

Read More

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

AndyC 29 January 2026

Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...

Read More

Face value: What it takes to fool facial recognition

Face value: What it takes to fool facial recognition

AndyC 14 March 2026

ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026...

Read More

Cyber fallout from the Iran war: What to have on your radar

Cyber fallout from the Iran war: What to have on your radar

AndyC 13 March 2026

The war in Iran was less than 24 hours old when it produced a historic first: the deliberate targeting of commercial data centers. On March...

Read More

Sednit reloaded: Back in the trenches

Sednit reloaded: Back in the trenches

AndyC 11 March 2026

Since April 2024, Sednit’s advanced development team has reemerged with a modern toolkit centered on two paired implants, BeardShell and Covenant, each using a different...

Read More

What cybersecurity actually does for your business

What cybersecurity actually does for your business

AndyC 7 March 2026

Business Security The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed...

Read More

How SMBs use threat research and MDR to build a defensive edge

How SMBs use threat research and MDR to build a defensive edge

AndyC 6 March 2026

Corporate IT and security teams have the unenviable task of keeping relentless and increasingly sophisticated adversaries at bay. They’re often faced with limited resources and...

Read More

Protecting education: How MDR can tip the balance in favor of schools

Protecting education: How MDR can tip the balance in favor of schools

AndyC 5 March 2026

Business Security The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response...

Read More

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

AndyC 16 March 2026

When insider risk is a wellbeing issue, not just a disciplinary one

When insider risk is a wellbeing issue, not just a disciplinary one

AndyC 16 March 2026

When insider risk is a wellbeing issue, not just a disciplinary one

When insider risk is a wellbeing issue, not just a disciplinary one

AndyC 16 March 2026

Why must businesses be certain about AI-driven operational decisions

Cryptographic Agility in MCP Resource Server Orchestration

AndyC 16 March 2026

Why must businesses be certain about AI-driven operational decisions

How do AI-driven solutions fit upscale budgets

AndyC 16 March 2026