Bill Toulas reports: Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious packages have been added to NPM (Node Package Manager) over the weekend to steal developer and continuous integration and continuous delivery (CI/CD) secrets….
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More than 1,600 victims were affected…
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same…
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The…
The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…
NYS Attorney General has been the most active state attorney general in terms of going after entities that don’t secure data properly. The following is from her latest press release: NEW YORK – New York Attorney General Letitia James secured $450,000 from three companies that distribute eufy home security video cameras for failing to secure consumers’…
ALEXANDRIA, Va., Feb. 26, 2025 /PRNewswire/ — Bluesight, the leading provider of inventory management, procurement, and compliance solutions for health systems and hospital pharmacies, today released its 2025 Breach Barometer report. The report, featuring analysis from DataBreaches.net and Clearwater, examines data breaches over the past year affecting U.S. patient and health data, highlighting the growing challenges healthcare…
