Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can…
The BlackByte ransomware group is actively exploiting a vulnerability in RTCore32.sys and RTCore64.sys, the drivers of a widely used graphic card utility called Micro-Star MSI AfterBurner (version 4.6.2.15658). Recorded as…
ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. PuTTY, KiTTY,…
Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can…
Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against…
A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar…
AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all…
A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. The exploit uncovered by Bobby Rauch…
Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabilities…
The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab…
Subscribe to Cybersecurity Insider for top news, trends & analysis