GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. […]
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet.
The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from
The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from
CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a Continuous Threat Exposure
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code.
According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks.
“These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024,” security researcher
According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks.
“These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024,” security researcher
South Korean Citizen Detained in Russia on Cyber Espionage Charges
Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation.
The development was first reported by Russian news agency TASS.
“During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court
The development was first reported by Russian news agency TASS.
“During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court
Tuta Mail adds new quantum-resistant encryption to protect email
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. […]
Microsoft says Windows 10 21H2 support is ending in June
Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. […]
Okta says data leaked on hacking forum not from its systems
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. […]
Researchers expose Microsoft SCCM misconfigs usable in cyberattacks
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft’s Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. […]
Equilend warns employees their data was stolen by ransomware gang
New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. […]