Kimwolf botnet infiltrates 2 million IoT devices in critical infrastructure networks
Kimwolf botnet compromises 2M+ IoT devices in govt/corporate networks, enabling DDoS attacks & malicious traffic relay through sophisticated lateral movement.
GlassWorm malware campaign hijacks GitHub tokens to poison python repositories
GlassWorm malware campaign exploits stolen GitHub tokens to inject malicious code into Python repositories, targeting Django, ML projects, and PyPI packages.
UNC6426 exploits nx npm Supply-Chain attack to gain AWS admin access in 72 hours
UNC6426 leveraged nx npm supply chain compromise to achieve complete AWS admin access within 72 hours, demonstrating devastating speed of modern cyberattacks.
Secure-by-Design principles extend beyond code to combat enterprise risk
Organizations adapt secure-by-design software practices to tackle non-technical risks like governance failures and human error across business operations.
AI browser vulnerability exposed: Perplexity's Comet tricked into phishing scam in under four minutes
Security researchers successfully manipulated Perplexity's Comet AI browser into falling for phishing scams in under four minutes, exposing critical vulnerabilities.
Please don't feed the scattered Lapsus shinyhunters: The rise of a ruthless ransomware gang
Scattered Lapsus ShinyHunters represents a dangerous evolution in ransomware tactics, combining traditional cyberattacks with real-world harassment and swatting
International law enforcement dismantles SocksEscort botnet: 369,000 compromised ips used for global cybercrime
International law enforcement dismantles SocksEscort botnet that compromised 369,000 IPs across 163 countries, enabling large-scale fraud through infected routers.
Unmasking 'dort': The elusive mastermind behind the Kimwolf botnet empire
The mysterious 'Dort' controls the world's largest botnet, escalating from DDoS attacks to real-world swatting incidents against security researchers.
'InstallFix' campaign exploits AI coding tools to spread malware via fake Claude sites
New 'InstallFix' campaign uses fake Claude AI sites and malvertising to trick developers into executing malicious code, exploiting trust in AI coding tools.
Security teams grapple with agentic AI Auto-Remediation readiness
Security teams face readiness challenges as agentic AI promises autonomous threat remediation, raising questions about trust, governance, and infrastructure preparedness.
AI-Powered attackers outpace patching: Bug exploitation now top Google cloud attack vector
AI empowers attackers to exploit cloud vulnerabilities faster than patching cycles, making bug exploitation the top Google Cloud attack vector, surpassing credential theft.
White house cyber strategy pivots to offensive operations: A new era of digital deterrence
Trump administration's 2018 National Cyber Strategy marked a historic shift toward offensive cyber operations, emphasizing preemption and deterrence over defense.











