Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement
Microsoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 s...
20 articles
Microsoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 s...
A supply chain attack targeting Klue, a competitive intelligence platform, has lead to the theft of Salesforce data from multiple entities, including several...
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks...
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply cha...
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories...
The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose ...
LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and...
Bajaj Auto has reported a ransomware attack that affected its internal systems and those of its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL). Th...
A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points...
EmberAI operates on the Dragos Intelligence Fabric, which the company states is the largest OT cybersecurity data set, compiled from over a decade of adversa...
The breach was revealed after a hacker forum listed over 630 GB of data, reportedly containing more than 204,300 files.
Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. [.
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "...
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain att...
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-base...
A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred aft...
A stolen session cookie sat in underground markets for seven weeks before attackers used it to poison 32 Red Hat packages in the npm software registry, an ex...
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,...
OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterpr...