Emergence of New Supply Chain Malware Operation Targeting npm and PyPI Ecosystems Affects Millions Worldwide
Cybersecurity researchers have identified a significant supply chain attack targeting multiple packages associated with GlueStack, which has led to the delivery of malware. The threat was introduced through alterations…
ICE Initiates Deportation Proceedings Against Australian Cybersecurity Offender “DR32”
The recent developments regarding David Kee Crees, an Australian citizen, have garnered attention within the cybersecurity community. Crees, who has operated under various online aliases including “Abdilo,” “Notavirus,” “Surivaton,”…
Malicious Browser Extensions Compromise Security of Over 700 Users Throughout Latin America Since Early 2025
Cybersecurity researchers have identified an ongoing campaign targeting users in Brazil since the beginning of 2025. This campaign involves the distribution of a malicious extension for Chromium-based web browsers…
Federal Government’s Engagement with Artificial Intelligence Regulations
On Thursday, a testimony was presented before the House Committee on Oversight and Government Reform during a hearing focused on the implications of artificial intelligence within the federal government.…
Cybercriminals Exploit Phony IT Support Calls to Compromise Corporate Systems, Google
A financially motivated group of hackers identified as UNC6040 has adopted a straightforward yet efficient strategy to execute breaches within targeted organizations. This group primarily aims to exploit vulnerabilities…
Weekly Security Overview (June 1 – June 7)
Last week, significant developments in the realm of information security were reported across various platforms.
Recent articles highlighted the concerning issue of AsyncRAT infections, with victims increasingly finding themselves…
Evaluating the Limitations of Your IdP or CASB: Five Critical Risks Associated with Shadow IT
Organizations often overlook the risks of shadow IT, which do not require internal sabotage to lead to data breaches. Situations such as forgotten free trials, AI-powered tools syncing data…
Trump Administration Updates Cybersecurity Regulations, Supersedes Previous Directive
US President Donald Trump has issued a new cybersecurity-related Executive Order, which supersedes prior directives issued by past administrations. This order notably restricts the application of cyber sanctions solely…
AMI Group – Notice of Ransomware Incident Affecting Travel & Tours Services
As of June 3, there has been a recent notice communicated via Facebook regarding a potential cyber threat. At the time of this report, no formal announcement has been…
Restricted Canva Creator Information Compromised Through AI Chatbot Database
A Chroma database managed by the Russian artificial intelligence chatbot startup My Jedai has been discovered exposed on the internet, resulting in the unauthorized disclosure of sensitive survey responses.…
Google Addresses Vulnerability Exposing Account-Linked Phone Numbers
A recently identified vulnerability within Google’s account recovery system has been rectified, which could have enabled malicious actors to execute a brute-force attack to disclose recovery phone numbers associated…
Over 70 Organizations Across Diverse Sectors Compromised by China-Associated Cyber Espionage Threat Actor
The reconnaissance activity targeting a prominent cybersecurity firm, SentinelOne, forms part of a larger strategy of interconnected intrusions directed at multiple entities between July 2024 and March 2025.
The…
Security Vulnerability in PayU Plugin Facilitates Account Takeover on 5,000 WordPress Sites
A critical vulnerability in the PayU CommercePro plugin has exposed thousands of WordPress sites to risks from unauthenticated attackers capable of hijacking user accounts.
Vulnerability in Shipping Cost API…
Executive Order On Cybersecurity Policy Revision by Former President Trump
President Donald Trump has enacted an executive order on cybersecurity, initiating a comprehensive update to U.S. cybersecurity policy. This order aims to discard certain aspects deemed problematic from previous…
Undetected Vulnerabilities in npm Packages Enable Complete System Compromise
Recent investigations have uncovered a number of malicious npm packages that contain hidden endpoints capable of wiping systems upon receiving specific commands. Security experts are urging developers to exercise…
Guidelines for Reporting Online Scams: Procedures and Resources
If you have fallen victim to a scam, it is crucial to report the incident to assist in preventing others from experiencing similar fraud and to enable authorities to…
Compromised Ticketmaster Data from Snowflake Breach Reemerges on Dark Web Marketplace
The Arkana Security group recently listed what appeared to be newly stolen Ticketmaster data for sale, but it has been identified as data acquired during the 2024 Snowflake data…
CISA Includes Erlang SSH and Roundcube Vulnerabilities in the Catalog of Known Exploited Threats
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV)…
Daily Encounter Rate of Mobile Scams Reaches 44%, According to Malwarebytes Research
The ownership of smartphones has increasingly become a source of concern. The prevalence of malicious text messages disguised as package delivery notifications, phishing emails that mimic reputable brands, and…
Adobe Deploys Critical Patch Addressing 254 Vulnerabilities to Mitigate High-Severity Security Risks
Adobe has released significant security updates addressing a total of 254 vulnerabilities that affect its software portfolio, predominantly impacting Adobe Experience Manager (AEM). Out of these, 225 vulnerabilities are…
Android Enterprise Introduces Enhanced Security and Productivity Updates
Android Enterprise has introduced a series of features designed to enhance mobile security, optimize device management, and increase user productivity. These advancements are timely as organizations increasingly depend on…