Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

04/06/2025 0 Comments 0 tags

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens,

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

04/06/2025 0 Comments 0 tags

Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

03/06/2025 0 Comments 0 tags

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

03/06/2025 0 Comments 0 tags

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

03/06/2025 0 Comments 0 tags

In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

03/06/2025 0 Comments 0 tags

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

03/06/2025 0 Comments 0 tags

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. “By mapping where our knowledge

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

03/06/2025 0 Comments 0 tags

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.” The changes are

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

03/06/2025 0 Comments 0 tags

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

02/06/2025 0 Comments 0 tags

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset