With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for...
The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors....
The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being...
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat....
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company’s private code signing keys...
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork...
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies....
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including...
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed...
Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware...
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to...
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper...
The Russia-linked APT29 nation-state actor has been found leveraging a “lesser-known” Windows feature called Credential Roaming as part of its attack against...
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a...
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers...
If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: “supply chain attack”. A software...
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain...
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites...
Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about...
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and...
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code...