Email Bombing, ‘Vishing’ Tactics Abound in Microsoft 365 Attacks

Blog

By January 21, 2025

Sophos noted more than 15 attacks have been reported during the past three months.

Blog

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling

Read More 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Blog

Tired of Unpaid Toll Texts? Blame the ‘Smishing Triad’

Chinese smishers — the bane of every American with a phone — have been shifting to lower-frequency, possibly higher-impact government impersonation attacks.

Read More Tired of Unpaid Toll Texts? Blame the ‘Smishing Triad’
Blog

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed…

Read More Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
Blog

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group’s Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very…

Read More Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Blog

Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. “Brand new Microsoft accounts will now be ‘passwordless by default,’” Microsoft’s Joy Chik and Vasu Jakkal said. “New users will have…

Read More Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
Blog

Securing CI/CD workflows with Wazuh

Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deployed quickly and efficiently. While CI/CD automation accelerates software delivery, it can also introduce security

Read More Securing CI/CD workflows with Wazuh

Related