General cybersecurity industry news, market trends, and analysis
LiteLLM 1.82.7–1.82.8 supply chain attack exposed 33,185 secrets across 6,943 machines, leaving 3,760 valid credentials active.
Hackers published 36 npm packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
Qilin disables 300+ EDR drivers via BYOVD in 2025 attacks, delaying encryption by six days and increasing breach impact.
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
BKA identified REvil leaders tied to 130 German attacks causing €35.4M damage, exposing key ransomware figures.
$285M stolen after a six-month DPRK social engineering campaign that began in fall 2025, exposing Drift’s contributors and cloud assets.
36 npm packages disguised as Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
CVE-2026-35616 (CVSS 9.1) exploited since March 31, 2026, affects FortiClient EMS 7.4.5–7.4.6, enabling privilege escalation.
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO entities.