A sophisticated supply chain attack targeting the popular npm package ‘rand-user-agent’ was discovered on May 5, 2025. The compromise affects a legitimate JavaScript library used to generate randomized user-agent strings for web scraping operations, inserting malicious code that establishes remote…
How to manage migration of hsm1.medium CloudHSM clusters to hsm2m.medium
On August 20, 2024, we announced the general availability of the new AWS CloudHSM instance type hsm2m.medium (hsm2). This new type comes with additional features compared to the previous AWS CloudHSM instance type, hsm1.medium (hsm1), such as support for Federal…
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
Noteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak. The post In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak appeared first on SecurityWeek. This article…
Gain Deeper Visibility into Risks to Meet Security Compliance Demands
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor. The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
It’s Not Your MSP, It’s Your SEG: Email Security History 101 (Part 1)
It usually starts small—a missed phish here, a lost customer email in the quarantine abyss. Maybe a few grumbles from your support team about never-ending rule updates. At first, you let it slide. You think, ‘That’s just how it goes’;…
Kasada Ranks #4 Among Australia’s Best Technology Employers in 2025
Recognized as one of Australia’s Best Workplaces™ in Technology for third year in a row. The post Kasada Ranks #4 Among Australia’s Best Technology Employers in 2025 appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Celsius Founder Alex Mashinsky Sentenced To 12 Years In Prison
Founder of former cryptocurrency lender Celsius Network, Alex Mashinsky, receives stiff prison sentence for fraud. This article has been indexed from Silicon UK.
Hackers Target IT Admins by Poisoning SEO to Push Malware to Top Search Results
Cybercriminals are increasingly targeting IT administrators through sophisticated Search Engine Optimization (SEO) poisoning techniques. By leveraging SEO tactics typically used for legitimate online marketing, attackers manipulate search engine rankings to push malicious websites to the top of results on platforms…
Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells,…
WatchGuard transitions new CEO
WatchGuard® Technologies, a provider of unified cybersecurity for managed service providers (MSPs), today announced a planned leadership transition. After a decade of impactful leadership, Chief Executive Officer (CEO) Prakash Panjwani will transition out of his operational role, continuing to serve…
160,000 Impacted by Valsoft Data Breach
VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach. The post 160,000 Impacted by Valsoft Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Apple Developing Specialised Chips For Smart Glasses, AI Servers – Report
Specialised silicon is reportedly being developed in-house by Apple for its smart glasses, MacBooks, and AI servers. This article has been indexed from Silicon UK.
New Supply Chain Attack Compromises Popular npm Package with 45,000 Weekly Downloads
An advanced supply chain attack has targeted the well-known npm package rand-user-agent, which receives about 45,000 downloads every week, in a worrying development for the JavaScript developer community. Maintained by WebScrapingAPI, this package is designed to generate randomized, real-world user-agent…
Malicious Python Package Impersonates Discord Developers to Deploy Remote Commands
A seemingly innocuous Python package named ‘discordpydebug’ surfaced on the Python Package Index (PyPI) under the guise of “Discord py error logger.” Marketed as a debugging utility for developers working on Discord bots with the Discord.py library, this package was…
New Mamona Ransomware Targets Windows Systems Using Abused Ping Command
Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona, which is rapidly spreading across Windows systems. Unlike traditional ransomware, Mamona employs a unique set of tactics, notably exploiting the humble Windows “ping” command as a…
April 2025 Malware Spotlight: FakeUpdates Dominates as Multi-Stage Campaigns Blend Commodity Malware with Stealth
Cyber criminals are raising the stakes. This month, researchers uncovered a sophisticated, multi-stage malware campaign delivering some of the most prevalent commodity malware—AgentTesla, Remcos, and XLoader—via stealthy techniques designed to evade detection. Meanwhile, FakeUpdates retains its top spot in the…
RSAC 2025 Conference: Identity security highlights
RSAC 2025 Conference was abuzz with talk about agentic AI and tool convergence. Analyst Todd Thiemann shares how these trends affect identity security. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article:…
Florida bill requiring encryption backdoors for social media accounts has failed
The bill would have required social media companies to create encryption backdoors to allow access to users’ private information. This article has been indexed from Security News | TechCrunch Read the original article: Florida bill requiring encryption backdoors for social media…
Fake AI platforms deliver malware disguised as video content
A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but…