When the watchdog gets bit: An analysis of the Trivy vulnerability scanner supply chain attack
A deep-dive analysis of the supply chain attack on Aqua's Trivy scanner, which saw hackers distribute the RedLine Stealer malware via official channel
The hidden cost of cybersecurity specialization: foundational skills are eroding
Despite advanced tools and specialized roles, many security teams are losing foundational skills, leaving them vulnerable to basic, preventable attack
TeamPCP hacks Checkmarx GitHub Actions using stolen CI credentials
A threat actor named TeamPCP has compromised two Checkmarx GitHub Actions, creating a major supply chain risk by stealing credentials from user workfl
Anthropic patches critical zero-click flaw in Claude Chrome extension
A zero-click XSS flaw in the Claude Chrome extension allowed any website to inject malicious prompts, risking data theft before Anthropic issued a pat
LinkedIn secretly scans for over 6,000 Chrome extensions, collects data
A new "BrowserGate" report reveals LinkedIn's hidden script that scans for 6,000+ Chrome extensions, raising major privacy and user profiling concerns
Drone strikes deep inside Russia signal a new phase of asymmetric warfare
An in-depth analysis of the November 2023 drone strikes on Tolyatti and Taganrog, revealing a sophisticated strategy to disrupt Russia's war effort.
AI assistant finds critical code execution flaws in Vim and Emacs
A security researcher used simple prompts with the Claude AI to discover critical remote code execution bugs in Vim and Emacs, both now patched.
European Commission confirms major data breach linked to software supply chain attack
Over 300GB of data, including personal information, was stolen from the European Commission in a supply chain attack targeting its AWS environment.
Beyond the battlefield: Iran's cyber arsenal and the threat to US infrastructure
Geopolitical friction between the U.S. and Iran fuels a shadow war in cyberspace, with Iranian APTs targeting critical infrastructure with destructive
Anatomy of a swarm: Deconstructing Russia's hybrid drone attacks on Ukraine
A deep dive into Russia's large-scale drone attacks on Ukraine, analyzing the cyber-physical technology, the impact on critical infrastructure, and st
XR headsets could use your skull's vibrations to log you in
Emerging research details a biometric system that uses the unique skull vibrations from a user's heartbeat and respiration to provide continuous authe
Blast radius of TeamPCP attacks expands amid hacker infighting
A complex web of supply chain attacks, data breaches, and conflicting claims from groups like TeamPCP, Lapsus$, and ShinyHunters creates chaos for def