Patching fast and slow: Ruby devs delay to defend against supply chain attack
The team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’), to pr...
When Open Source is a bit too Open: Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming....
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific condi...
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerabili...
The sophisticated attack utilizes Google Tag Manager (GTM) and Stripe domains, which are implicitly trusted by e-commerce sites, allowing the malicious code ...
There’s just more code than ever and developers can’t verify everything – we need to make all that code understandable.
Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
Cybersecurity researchers at Sophos and other companies discovered an undeclared executable, identified as a Monero cryptocurrency miner, being installed wit...
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity compan...
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure ...
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident ...
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain att...
A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred aft...
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,...
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems.
Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discl...
For years, cybersecurity professionals have been repeating the same warning: Every company will eventually be breached. Fine.
Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.
Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The T...
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed ...
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Park...
Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.