Aug 19, 2025Ravie LakshmananSupply Chain Security The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s…
Aug 18, 2025Ravie LakshmananMalware / Enterprise Security The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the…
Aug 18, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks.…
Aug 18, 2025Ravie LakshmananCybersecurity / Hacking News Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching.…
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor,…
Aug 18, 2025The Hacker NewsData Breach / Regulatory Compliance Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to…
Aug 16, 2025Ravie LakshmananAndroid / Malware Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators’ infrastructure. “The newly uncovered version 3.0 reveals a…
Aug 16, 2025Ravie LakshmananMalware / Vulnerability The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub…
Aug 15, 2025Ravie LakshmananMalware / Open Source A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term…
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million…