https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak Recent reports of a “mother of all breaches” involving 16 billion credentials have sparked widespread media coverage and alarm, but cybersecurity experts are clarifying that...
https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation Cybersecurity researchers have uncovered a large-scale malware campaign that compromised more than 269,000 legitimate websites in just one month using a sophisticated JavaScript...
https://www.theregister.com/2025/06/16/scattered_spider_targets_insurance_firms Google’s threat intelligence team has issued urgent warnings that the notorious Scattered Spider cybercrime group has pivoted from targeting retail companies to launching...
I had the great opportunity to participate in a panel discussion on Industry Trends for AI in the Software Supply Chain.I enjoyed the conversations and loved hearing everyone’s perspective on their observations and projections.The event also showcased some of...
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted Apple has confirmed that a critical zero-click vulnerability in its Messages app was actively exploited by sophisticated attackers to infect European journalists...
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/ Security researchers have uncovered a sophisticated criminal advertising ecosystem that leverages fake CAPTCHA challenges to trick users into enabling malicious push notifications,...
https://www.apra.gov.au/for-action-information-security-obligations-and-critical-authentication-controls Australia’s financial regulator has issued an urgent directive to all superannuation funds, demanding they assess and strengthen their authentication...
https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting over a dozen packages associated with GlueStack, delivering malware to developers worldwide. The...
https://fearsoff.org/research/roundcube More than 84,000 Roundcube webmail installations worldwide remain vulnerable to CVE-2025-49113, a critical remote code execution flaw that affects versions spanning over a decade and has already been exploited by cybercriminals...
The strange tale of ischhfd83: When cybercriminals eat their own Sophos researchers have traced more than a hundred backdoored malware repositories on GitHub to a single Russian threat actor using the identifier “ischhfd83,” who has been systematically...