Exposed Secrets are Everywhere. Here’s How to Tackle Them
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by...
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote...
Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May...
New Bandook RAT Variant Resurfaces, Targeting Windows Machines
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines,...
Three Ways To Supercharge Your Software Supply Chain Security
Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software...
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected...
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software."The group's...
Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker...
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to...
