TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
The list of countries exploiting internet-connected cameras to give them eye's inside their adversaries' borders continues to expand, with Russia, Iran, Israel, Ukraine, and the United States all using the tactic. What should companies look out for?
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]
Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems.
The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029.
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
Un acteur de menace a accédé à au moins un compte AWS de la Commission Européenne, volant plus de 350 GB de données incluant des bases de données et un serveur email d'employés. L'incident a été rapidement détecté ; la Commission enquête sans détails publics pour l'instant. AWS confirme que ses services ont fonctionné comme prévu, indiquant une compromission du compte client.
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]
La Police nationale néerlandaise (Politie) a subi une brèche de sécurité résultant d'une attaque de phishing réussie. L'impact est limité et n'a pas affecté les données des citoyens. L'incident a été divulgué le 27 mars 2026.
Le club néerlandais AFC Ajax a divulgué qu'un hacker a exploité des vulnérabilités IT pour accéder aux données de quelques centaines de personnes, permettant le vol de billets. Bien que non financier direct, impacte la grande région et services numériques en Europe. Notification potentielle RGPD.
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.
The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road.
More than a decade since the 2015 Jeep hack, the cybersecurity of vehicles remains of the utmost importance.