Aug 19, 2025Ravie LakshmananLinux / Malware Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual…
Aug 19, 2025Ravie LakshmananMalware / Cyber Attack Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves…
Aug 19, 2025Ravie LakshmananVulnerability / Cyber Espionage A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The…
Aug 19, 2025Ravie LakshmananEncryption / Cloud Security The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data…
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated…
Aug 19, 2025Ravie LakshmananSupply Chain Security The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s…
Aug 18, 2025Ravie LakshmananMalware / Enterprise Security The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the…
Aug 18, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks.…
Aug 18, 2025Ravie LakshmananCybersecurity / Hacking News Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching.…
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor,…