Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.
-
-
SSH Keys: The Most Powerful Credential You’re Probably Ignoring
SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across your infrastructure.
-
Sophos Emergency Incident Response is now available
The first service combining the power of Sophos and Secureworks.
-
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks…
-
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher “brutecat,” leverages an issue in the company’s account recovery feature. That said, exploiting the vulnerability hinges on several…
-
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. “A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality…
-
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical
-
New Trump Cybersecurity Order Reverses Biden, Obama Priorities
The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.
-
New Trump Cybersecurity Order Reverses Biden, Obama Priorities
The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.
-
OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors
The AI company’s investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.