Tenable CEO Amit Yoran Dead at 54

Connor Smith reports: Six months after a massive data breach that impacted students, families and school staff around the country – including each school district in Southeastern North Carolina – the North Carolina Department of Public Instruction (NCDPI) has renewed part of its contract with the company at the center of the breach. On Monday,…

Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into…

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just…

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0) – Missing

In their newest escalation of activities since saying “goodbye” and then determinedly trying to create more chaos on Telegram. the Scattered LAPSUS$ Hunters collective (for lack of a better word right now), has opened up a leak site in both clear net and onion versions. In its debut, the group has targeted Salesforce, and is……