News

CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure

Bys s December 23, 2025

Ashden Fein, Caleb Skeath, John Webster Leslie, and Krissy Chapman of Covington and Burling write: On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here. Established by the…

Source

News

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
By December 27, 2024

North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into

Read More North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
News

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
Bys s August 8, 2025

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket….

Read More RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
News

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Bys s February 10, 2025

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync…

Read More Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
News

PJobRAT makes a comeback, takes another crack at chat apps
Bys s March 27, 2025

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Read More PJobRAT makes a comeback, takes another crack at chat apps
News

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
Bys s June 26, 2025

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. “In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to

Read More Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
News

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
Bys s March 6, 2025

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter…

Read More Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Similar Posts