General cybersecurity industry news, market trends, and analysis
Two cybersecurity experts got 4-year sentences after enabling 2023 BlackCat attacks, exposing insider abuse and $1.2M ransom impact.
Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions.
A new alert from the FBI says criminal enterprises are hacking both brokers and carriers to steal cargo for resale.
The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million.
Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain attacks broaden.
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.
In this latest installment of the Reporters' Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press.
With Mythos signaling a new era of near-instant exploitation, Anthropic positions Claude Security to help defenders keep pace.
Industrialized cybercrime delivers attacks with greater scale, speed and success. Defenders must match this with the use of AI and automation.
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and forced remediation.
The bugs could be exploited to bypass security controls, access restricted services, and crash firewalls.