Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Vulnerabilities: OS Command Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all…
Oct 30, 2025Ravie LakshmananCybersecurity / Hacking News The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing…
Oct 30, 2025Ravie LakshmananDevSecOps / Software Security Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets,…
Oct 29, 2025Ravie LakshmananVulnerability / Internet of Things Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and…
Oct 29, 2025Ravie LakshmananMachine Learning / AI Safety Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks.…
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result…
Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the…
Oct 29, 2025The Hacker NewsArtificial Intelligence / Compliance Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept—it’s here, and it’s already reshaping how teams operate. AI’s capabilities…
Oct 29, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. “The malware uses…