News

Advancing cybersecurity for K-12 and libraries: Strategic considerations for the FCC Cybersecurity Pilot Program

Bys s July 28, 2025

If you are preparing an RFP or Form 470 submission under the Cybersecurity Pilot Program, we encourage you to connect with us.

News

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
Bys s December 1, 2025

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. “These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord)…

Read More Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
News

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Bys s November 24, 2025

Bill Toulas reports: Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious packages have been added to NPM (Node Package Manager) over the weekend to steal developer and continuous integration and continuous delivery (CI/CD) secrets…….

Read More Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
Bys s October 1, 2025

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as…

Read More OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
News

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
By January 2, 2025

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a…

Read More Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
News

US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals
Bys s January 13, 2025

The US Justice Department has announced charges against three Russians for operating the Blender and Sinbad cryptocurrency mixers. The post US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals appeared first on SecurityWeek.

Read More US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals
News

Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Bys s August 7, 2025

Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data

Read More Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job

Similar Posts