WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life...
compromised
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
TL;DR We discovered a vulnerability in a popular MCP server hosting service that compromised thousands of AI servers and...
Introducing Sophos Identity Threat Detection and Response (ITDR)
Adversaries exploit compromised identities, infrastructure weaknesses, and misconfigurations to gain unauthorized access to sensitive data and systems, putting user-based access...
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices...
New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported...
Self-Replicating Worm Compromising Hundreds of NPM Packages
An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm...
How npm Security Collapsed Thanks To a 2FA Exploit
Billions (No, that’s not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node...
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Sep 09, 2025Ravie LakshmananCryptocurrency / Software Security Multiple npm packages have been compromised as part of a software supply chain...
Coinbase Hacked and Turns the Tables on the Cybercriminals!
This is how you handle cybercrime digital extortion! Coinbase was compromised by trusted 3rd party partners, which exposed customer data — but...
The widely-used xrpl.js Ripple digital currency library was breached in a supply chain infiltration
The frequently utilized xrpl.js Ripple digital currency library was compromised during a supply chain breach Pierluigi Paganini April 23, 2025...
Exploiting CRM Accounts for Cryptocurrency Seed Poisoning with PoisonSeed
Through the utilization of stolen login details from customer management platforms and large-scale email services, a nefarious initiative named PoisonSeed...
5 Crucial Elements for Detecting & Responding to Identity Risks for Outstanding SaaS Security
Identity-driven assaults are increasing. Intruders are aiming at identities with breached credentials, stolen authentication techniques, and abused authorities. Despite numerous...
US Treasury Department Breached by Cyber Threat Group with Ties to China
A cyberattack linked to China compromised the U.S. Treasury Department, exploiting a vulnerability in the third-party cybersecurity provider BeyondTrust to...
SeriousSpy Malicious Software Planted on Reporter’s Mobile After Accessing It Using Cellebrite Device
One journalist from Serbia experienced the initial unlocking of his mobile device using a Cellebrite device, followed by infiltration of...
Discover Effective Methods for Safeguarding Privileged Accounts—Verified PAS Approaches Online Seminar
Hackers are aware that privileged accounts hold considerable power. A single breached account can result in data theft, operational disruptions,...
