New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vector file format u...
20 articles
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of devel...
The acquisition aims to integrate Phosphorus' platform, which identifies connected devices, assesses exposures, and automates remediation, into Dragos' offer...
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from d...
NetQuest announced an expansion of its NetworkLens enriched dataset portfolio. The new network telemetry datasets deliver detailed traffic characteristics of...
Building on the momentum of NVIDIA GTC Taipei at COMPUTEX 2026, the conversation has moved beyond AI experimentation to the industrialization of intelligence...
Dragos has acquired Phosphorus, extending the Dragos Platform to protect billions of connected devices embedded across critical infrastructure and other oper...
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate...
NVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they’re designed to make a roboticist’s life a whole lot easier. The idea?
Building stronger cybersecurity outcomes together. The cybersecurity landscape across the Nordics is evolving rapidly. Organizations are facing increasing pre...
The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (...
Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to rec...
Authorities dismantle Russian-aligned hosting firm, FBI warns of in-person data thefts, and TrapDoor steals credentials via software supply chain attack.
Attackers are increasingly weaponizing trusted developer tools to infiltrate software supply chains, with CISA warning of multiple ongoing campaigns targetin...
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers acti...
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Ka...
A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication token...
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a po...