Security Issues, Vulnerabilities, Exploits & Government Alerts
Aug 01, 2025Ravie LakshmananMalware / Artificial Intelligence Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced the availability of over $100 million in cybersecurity grant funding to strengthen community cybersecurity. This Notice of Funding…
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The…
Aug 01, 2025Ravie LakshmananThreat Intelligence / Ransomware The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also…
Jul 31, 2025Ravie LakshmananCyber Espionage / Network Security The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of…
Jul 31, 2025Ravie LakshmananPhishing / Threat Intelligence Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. “Link wrapping…
Jul 31, 2025Ravie LakshmananCryptocurrency / Malware The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of…
WASHINGTON –Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that can integrate commercial, custom and open-source analysis tools and enable…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Güralp Systems Equipment: Güralp FMUS Series Seismic Monitoring Devices Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of…
Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is…