Inside Shanya, a packer-as-a-service fueling modern attacks
The ransomware scene gains another would-be EDR killer
Similar Posts
Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches
Bys sIt wasn’t ransomware headlines or zero-day exploits that stood out most in this year’s Verizon 2025 Data Breach Investigations Report (DBIR) — it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement…
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Bys sA new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as…
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
Bys sSolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code…
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
Bys sA group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface,…
Esse Health provides update about April cyberattack and notifies 263,601 people
Bys sEsse Health has notified the Maine Attorney General’s Office that 263,601 people were affected by an incident they first disclosed in early May. Esse has 45 locations in and around the St. Louis metropolitan area. According to their notices and update of June 20, 2025, Esse first became aware of unusual activity on its system…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Bys sMultiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025,…