Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on…
Category: EN
Critical AWS Amplify Studio Flaw Allowed Attackers to Execute Arbitrary Code
Amazon Web Services (AWS) has addressed a critical security flaw (CVE-2025-4318) in its AWS Amplify Studio platform, which could have allowed authenticated attackers to execute malicious JavaScript code during component rendering. The vulnerability, publicly disclosed on May 5, 2025, affects the amplify-codegen-ui package, a…
Essential Cybersecurity Controls (ECC-1:2018) – A Comprehensive Guide
Cybersecurity threats continue to evolve, posing very real risks to organizations, and nowhere is this risk more pronounced than in entities that handle a nation’s critical infrastructure, as these attacks put public health and safety at risk, harm the environment,…
US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations. The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Blue Shield health data of nearly 5 million Californians leaked to Google
Last month, Blue Shield of California began notifying its customers that the health data of approximately 4.7 million patients had been leaked to Google. The… The post Blue Shield health data of nearly 5 million Californians leaked to Google appeared…
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog.…
MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected…
Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code
A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on vulnerable systems. The flaw, identified as CVE-2025-25014, carries a critical CVSS score of 9.1, underscoring the urgency for…
Podcast Episode: Digital Autonomy for Bodily Autonomy
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> We all leave digital trails as we navigate the internet – records of what we searched for, what we bought, who we talked to, where we went or want to go…
41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise
The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise. The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek. This article has…
Congress challenges CISA cuts, Texas school breached, NSO pays WhatsApp
Congress challenges Noem over proposed CISA cuts Texas school district breach impacts over 47,000 people NSO Group to pay WhatsApp $167 million in damages Thanks to today’s episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security,…
IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms
A major security breach at Deutsche Bank’s New York datacenter has come to light through a lawsuit filed by a former Computacenter manager who claims he was wrongfully terminated after reporting unauthorized access incidents. James Papa, previously a service delivery…
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. Researchers revealed how the group has scaled its operations to steal…
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers…
IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas
A former information technology manager has filed a whistleblower lawsuit alleging a major security breach at Deutsche Bank’s Manhattan headquarters, claiming a fellow IT contractor repeatedly brought his girlfriend – an unauthorized Chinese national with computer expertise – into the…
Example of “Modular” Malware, (Wed, May 7th)
Developers (of malware as well as goodware) don&#x26;#39;t have to reinvent the wheel all the time. Why rewrite a piece of code that was development by someone else? In the same way, all operating systems provide API calls (or system…
Rethinking AppSec: How DevOps, containers, and serverless are changing the rules
Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares views on…
NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict
A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately $168 million in damages to WhatsApp. The verdict, delivered on Tuesday, represents a pivotal victory in the ongoing global battle against commercial cyberespionage and sets…
Autorize: Burp Suite extension for automatic authorization enforcement detection
Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s how…
6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach
In this episode of Cybersecurity Today, host Jim Love delves into a range of alarming cyber incidents. A six-year sleeper supply chain attack has compromised thousands of e-commerce websites, exploiting vulnerabilities in Magento extensions from vendors Tigren, Meetanshi, and Magesolution.…