Category: Uncategorized

  • Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

    Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

    Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
    The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and
  • Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

    Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

    The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs.
    This execution gap is where most deals stall. MSPs often focus on
  • Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.
    The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of
  • PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

    PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

    In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.
    According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed to be an extension of the
  • ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

    ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

    The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online.
    Security is always a moving target. Millions of servers are currently sitting online without any passwords, and
  • New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts.
    “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an
  • New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

    New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

    Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.
    The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.
    “An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux
  • Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

    Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

    Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.
    “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”
  • SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

    SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

    Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
    According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP’s JavaScript and cloud application
  • New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

    New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

    Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM).
    The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real