Manufacturing

Zero Day Initiative CVE Apr 6

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

SentinelOne Blog Supply Chain Apple SentinelOne Apr 2

Securing the Supply Chain: How SentinelOne®’s AI EDR Stops the Axios Attack Autonomously

Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.

T1195

SentinelOne Blog →

Elastic Security Labs Supply Chain Apple Apr 2

How we caught the Axios supply chain attack

Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.

T1195

Elastic Security Labs →

Trail of Bits Vulnerability Disclosure Apr 1

Mutation testing for the agentic era

Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measu...

Trail of Bits →

Recorded Future General Apr 1

The Shift: An Era of Quantum Geopolitics

The expanding conflict around Iran signals a deeper shift.

Recorded Future →

Elastic Security Labs Supply Chain Apple Apr 1

Inside the Axios supply chain compromise - one RAT to rule them all

Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT

T1195

Elastic Security Labs →

Elastic Security Labs Supply Chain Apple Apr 1

Elastic releases detections for the Axios supply chain compromise

Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.

T1195

Elastic Security Labs →

SentinelOne Blog Zero-Day SentinelOne Mar 31

How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally

Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.

T1195

SentinelOne Blog →

Infosecurity Magazine Ransomware Mar 31

TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs

T1195

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 30

Cybercriminals Exploit Tax Season With New Phishing Tactics

Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams

T1566 T1078 T1598

Infosecurity Magazine →

Infosecurity Magazine Campaigns Mar 27

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

T1195

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 26

AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

T1598

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure SentinelOne Mar 25

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

Infosecurity Magazine →

Infosecurity Magazine Campaigns Mar 25

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group

Infosecurity Magazine →

Infosecurity Magazine General Mar 24

Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe

Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience

Infosecurity Magazine →

Infosecurity Magazine Malware Docker Mar 23

Trivy Supply Chain Attack Expands With New Compromised Docker Images

New Trivy Docker images 0.69.

T1195

Infosecurity Magazine →

Infosecurity Magazine Ransomware Fortinet Mar 19

Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation

Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics

T1588

Infosecurity Magazine →

Zero Day Initiative CVE Mar 16

ZDI-26-211: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required t...

T1190 1 IOC

Zero Day Initiative →

Infosecurity Magazine Data Breach Mar 10

Ericsson Breach Exposes Data of 15k Employees and Customers

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Infosecurity Magazine →