Tag: security

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. […]

In recent years, cryptocurrency theft operations have evolved far beyond isolated phishing pages and fake NFT mint scams. What once consisted mainly of individual actors running malicious wallet-connection pages has increasingly developed into a structured underground service economy built around “Drainer-as-a-Service” (DaaS) platforms. Unlike traditional malware operations, crypto drainers typically rely on social engineering rather […]

A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. The operation has been active since at least mid-2022 and targeted organizations across the Asia Pacific and parts of the Middle East. It was attributed to the Calypso threat group, also tracked as Red […]

Cisco has released security updates to address a maximum-severity Secure Workload vulnerability that allows attackers to gain Site Admin privileges. Formerly known as Cisco Tetration, Cisco Secure Workload helps admins reduce their network’s attack surface through zero trust microsegmentation and stop lateral movement to keep business applications safe. Tracked as CVE-2026-20223, the security flaw was […]

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. This attack is attributed to the TeamPCP threat group and began with the compromise of dozens of TanStack and Mistral AI npm packages, then quickly […]

The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions […]

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out. SonicWall warned in a security advisory for […]

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index, compromising developer environments, including Grafana’s. When […]

Identity has long been the load-bearing wall of cybersecurity. The logic was simple: verify the employee, secure the access. But as professionalized threat actors weaponize AI and sophisticated phishing kits, that wall is cracking. Identity is being forced to carry a structural burden it was never designed to support. While identity isn’t obsolete, in ecosystems […]