416 posts from this source
Overview A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, accordi...
Summary The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIG‑IP Access Policy Manager APM t...
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit...
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web‑based attacks and urge them t...
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malici...
Cybersecurity researchers have disclosed details of a now‑patched bug impacting Open VSX's pre‑publish scanning pipeline, which allowed a malicious Microsoft Vi...
Threat actors are using adversary-in-the-middle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report fr...
Introduction: One tech power to rule them all is a thing of the past Rising geopolitical tensions are reflected or in some cases preceded by cyber operations,...
Overview A pro‑Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the thr...
A pro‑Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landsc...
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesyst...
A long-term and ongoing campaign attributed to a China‑nexus threat actor has embedded itself in telecom networks to conduct espionage against government networ...
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious promp...
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world...
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too...
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. B...
Overview The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the...
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same explo...
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively b...
Arrest The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. Acco...
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi‑stage framework capable of comprehensive data theft and i...
In September 2025, Anthropic disclosed that a state‑sponsored threat actor used an AI coding agent to execute an autonomous cyber‑espionage campaign against 30...
Sentencing The U.S. Department of Justice DoJ announced that a Russian national has been sentenced to two years in prison for managing a botnet used to launch...
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organi...
The U.S. Federal Communications Commission FCC announced on Monday that it is banning the import of new, foreign‑made consumer routers, citing “unacceptable” ri...
Overview TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm. Two malicious v...
markdown !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmubYXPf6QmmyAgoyu58-O141BOTc-D3aKKUtKXg1IFX6pn4Wav7yspHRPiWKScygEd1vsHmeH5zQLjwG38pOlDggYg...
'Malvertising Campaign Targeting Tax‑Related Searches Jan 2026 – Present
An ongoing phishing campaign is targeting French‑speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and info...
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice,...
Overview Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The...
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. > For those u...
Compromised GitHub Actions Workflows Two more GitHub Actions workflows have become the latest to be compromised by credential‑stealing malware operated by the...
!Ransomware Damagehttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiwErtmK3J6s3ZBAWrZmJFdn-SsFPTX_zrl0bvQ9n-ZCC1ENEur-h3l19pl6UP2D2HOJPXbanjebnde0RSf...
Citrix has released security updateshttps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 to address two vulnerabilities in NetScaler...
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaf...
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore...
AWS Bedrock is Amazon's platform for building AI‑powered applications. It gives developers access to foundation models and the tools to connect those models dir...
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campa...
Ravie Lakshmanan Mar 23, 2026 – Cloud Security / DevOps !Docker imagehttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3tECPxIu-t1cl5YE211vm5q8dB99cO4...
!Quest KACE Systems Management Appliance SMAhttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuTlyFHjxX97gPhHFjyvPGAPsLFbWQSHzAofYEPTsqZS1Xyc4KjjMDOqW...
Ravie LakshmananMar 21, 2026Cyber Espionage / Threat Intelligence !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiMsZnvgdoACYJn8WjDy_Lpvpy1iqvGp...
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxIh9aqIMPc6elNLcqZwmxGq0BHfA3NS2k...
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJQDea3eiUAONNSYkmQsjicwXBMSALOAUJ...
Ravie LakshmananMar 21, 2026Malware / Threat Intelligence !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJqn31IC9aCQ9LMLCLRXgpwsa1gvtzXlYk20-1yR...
!https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNf7vYlImTCJ7BCjYYEhoFZXTawhHcJJad9cFjQn98oQjaPY9HY6Qgpp6pAyqkq7CNHyVXI9fR8hcyVNlW_knYia3f0BhAlK7fZb...
!Critical Langflow Flawhttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2uKC6w30P_dGu6jY7cfDW9xY9ElBbdwmshMQwltpgGrYMyN9TOPaFRbeHh_KM9QUBB7g77BpRq559...
Ravie LakshmananMar 20, 2026Data Privacy / Mobile Security !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg5Jk2lVSKahNb8j13vUPG5pkYP6zhO6lI9b-X5...
