SailPoint GitHub repo hit by third-party cyberattack
SailPoint says GitHub repo breach exposed no customer data or production systems.
SC Media
20 articles
IAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224
Why we need a ‘zero-trust for code’ behavioral approach to secure software
AI has broken down the old model for classifying code – here’s how a behavioral approach makes more sense today.
German authorities shut down relaunched Crimenetwork marketplace, arrest operator
The original Crimenetwork, a significant platform for illicit goods and services, was taken down in December 2024.
Smartphone users increasingly forgo paid antivirus protection
A recent survey by Cybernews indicates that only 18% of mobile phone users in America pay for third-party antivirus software, with many trusting the built-in...
JDownloader website compromised to distribute malicious installers
The supply chain attack involved attackers modifying the website's download links to point to malicious third-party payloads.
AI can profile users from ad patterns alone, study finds
A study by UNSW Sydney and QUT involving over 435,000 Facebook ads from 891 Australians revealed that large language models can infer a user's gender, age, e...
Virginia man found guilty of destroying government databases after being fired
The incident occurred on February 18, 2025, shortly after Sohaib Akhter and his twin brother, Muneeb Akhter, were fired by their employer, a company that ser...
New PamDOORa Linux backdoor sold on cybercrime forum
PamDOORa functions as a post-exploitation toolkit, enabling attackers to gain persistent access to Linux systems (x86_64) through a "magic password" and a sp...
Google removes 28 fraudulent apps from Play Store
Security researchers at ESET uncovered the malicious campaign, dubbed CallPhantom, which primarily targeted users in India, indicated by the preselected +91 ...
NVIDIA confirms GeForce NOW user data exposed in Armenian partner breach
A threat actor claimed to have breached GeForce NOW and stolen millions of user records, including full names, email addresses, usernames, dates of birth, an...
Poland's intelligence agency thwarts cyberattacks on water treatment plants
Poland's Internal Security Agency reported thwarting multiple sabotage attempts, potentially linked to Russian intelligence services, against military facili...
Most passwords can be cracked in under a minute, Kaspersky finds
Kaspersky researchers analyzed a dataset of 231 million unique passwords leaked on the dark web between 2023 and 2026.
What OpenClaw revealed about the agent security model
OpenClaw exposed how insecure agent architectures can turn AI ecosystems into attack surfaces.
Vibe coding has cybersecurity asking what AI can — and can’t — replace
Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.
The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich Kron, Deepen Desai, Chris Wallis - ESW #458
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579
Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days
The actively exploited flaw enables remote admin users to execute arbitrary code.
'Dirty Frag' Linux zero-day exposes most distributions to LPE
Dirty Frag Linux zero-day exposes most distributions to root privilege escalation.
Google Chrome silently downloads large AI model, raising privacy concerns
Cybersecurity researcher Alexander Hanff discovered that Google Chrome is downloading a 4GB AI model, Gemini Nano, onto users' machines if they meet certain ...