UNC6426 exploits nx npm Supply-Chain attack to gain AWS admin access in 72 hours
UNC6426 leveraged nx npm supply chain compromise to achieve complete AWS admin access within 72 hours, demonstrating devastating speed of modern cyberattacks.
Secure-by-Design principles extend beyond code to combat enterprise risk
Organizations adapt secure-by-design software practices to tackle non-technical risks like governance failures and human error across business operations.
AI browser vulnerability exposed: Perplexity's Comet tricked into phishing scam in under four minutes
Security researchers successfully manipulated Perplexity's Comet AI browser into falling for phishing scams in under four minutes, exposing critical vulnerabilities.
Please don't feed the scattered Lapsus shinyhunters: The rise of a ruthless ransomware gang
Scattered Lapsus ShinyHunters represents a dangerous evolution in ransomware tactics, combining traditional cyberattacks with real-world harassment and swatting
International law enforcement dismantles SocksEscort botnet: 369,000 compromised ips used for global cybercrime
International law enforcement dismantles SocksEscort botnet that compromised 369,000 IPs across 163 countries, enabling large-scale fraud through infected routers.
Unmasking 'dort': The elusive mastermind behind the Kimwolf botnet empire
The mysterious 'Dort' controls the world's largest botnet, escalating from DDoS attacks to real-world swatting incidents against security researchers.
'InstallFix' campaign exploits AI coding tools to spread malware via fake Claude sites
New 'InstallFix' campaign uses fake Claude AI sites and malvertising to trick developers into executing malicious code, exploiting trust in AI coding tools.
Security teams grapple with agentic AI Auto-Remediation readiness
Security teams face readiness challenges as agentic AI promises autonomous threat remediation, raising questions about trust, governance, and infrastructure preparedness.
AI-Powered attackers outpace patching: Bug exploitation now top Google cloud attack vector
AI empowers attackers to exploit cloud vulnerabilities faster than patching cycles, making bug exploitation the top Google Cloud attack vector, surpassing credential theft.
White house cyber strategy pivots to offensive operations: A new era of digital deterrence
Trump administration's 2018 National Cyber Strategy marked a historic shift toward offensive cyber operations, emphasizing preemption and deterrence over defense.
Xygeni GitHub action compromised via tag poison attack: Critical supply chain breach exposes enterprise security risks
Xygeni's GitHub Action fell victim to tag poisoning attack, allowing C2 implant to operate for a week, highlighting critical supply chain vulnerabilities.
How Ceros gives security teams visibility and control over Claude code AI agents
Ceros provides critical visibility and control over AI coding agents like Claude Code, addressing security gaps as these autonomous tools proliferate in enterprises