Patching fast and slow: Ruby devs delay to defend against supply chain attack
The team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’) to pr...
Threat Intelligence Feed
Aggregating 5810 articles from trusted cybersecurity sources
Latest News
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming....
Why AI Agents Need an Identity Model, Not Just an API Key
Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific condi...
OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerabili...
Magecart campaign exploits Stripe API for credit card theft
The sophisticated attack utilizes Google Tag Manager (GTM) and Stripe domains, which are implicitly trusted by e-commerce sites, allowing the malicious code ...
Why writing software has become dangerous today
There’s just more code than ever and developers can’t verify everything – we need to make all that code understandable.
Commvault offers recommendations for resilience in the age of frontier AI
Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
Hola browser supply chain attack delivers cryptocurrency miner
Cybersecurity researchers at Sophos and other companies discovered an undeclared executable, identified as a Monero cryptocurrency miner, being installed wit...
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity compan...
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure ...
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident ...
Data Breaches
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain att...
LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens
A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred aft...
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,...
Xsolis Data Breach Impacts 1.4 Million People
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems.
Canadian Electricity Provider London Hydro Discloses Data Breach
Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discl...
Cybersecurity is no longer about protection. It’s about survival.
For years, cybersecurity professionals have been repeating the same warning: Every company will eventually be breached. Fine.
Xsolis Data Breach Affects 1.4 Million Individuals
Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.
Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People
Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The T...
Klue breach exposed Salesforce CRM data through stolen OAuth tokens
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed ...
22nd June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Park...
Texas Parks and Wildlife Data Breach Affects Over 3M License Customers
Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.