How the Browser Became the Main Cyber Battleground
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent:…
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
î ‚Jul 29, 2025î „Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity…
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the…
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
î ‚Jul 28, 2025î „Ravie LakshmananMalware / Developer Tools In what’s the latest instance of a software supply chain attack, unknown threat…
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight….
Why It Needs a Modern Approach
Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate…
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
î ‚Jul 28, 2025î „Ravie LakshmananCyber Attack / Ransomware The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors…
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
î ‚Jul 24, 2025î „Ravie LakshmananCybersecurity / Web Security Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory…
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware…
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community
î ‚Jul 24, 2025î „Ravie LakshmananCyber Espionage / Malware The Tibetan community has been targeted by a China-nexus cyber espionage group as…