The best way to avoid getting scammed when trying to obtain tickets for matches in the FIFA World Cup is to purchase them directly from… The post How to avoid FIFA World Cup 2026 ticket scams? appeared first on Panda…
Tag: EN
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys…
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
On March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign countries from receiving equipment authorisation. This regulatory action, driven by a White House-convened Executive Branch interagency determination,…
Training an AI agent to attack LLM applications like a real adversary
Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications may test each one once a year, or less. In the time between tests, the underlying…
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security…
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious…
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs,…
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
HackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed through a targeted…
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing about…
You don’t have to choose between BAS or automated pentesting, you shouldn’t
There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack simulation (BAS) or automated penetration testing (APT)? Security vendors have stoked this debate…
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the…
Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack
A sophisticated supply chain attack targeting Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The…
Kali Linux 2026.1 Released With 8 New Hacking Tools
Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Designed for professionals engaged in technical security research and vulnerability analysis, this update features modern aesthetic enhancements, notable advancements…
Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: instead of clicking through dashboards and making API calls,…
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18
Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel bump to 6.18, and several Kali…
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has…
RSAC Presenter Says “Time to Kill One of Cybersecurity’s Most Overworked Terms”
RSAC: Retiring “APT,” FCC’s US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky’s argument to retire the overused “advanced persistent threat” label and instead describe actors…
Cloud workload security: Mind the gaps
As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning This article has been indexed from WeLiveSecurity Read the original article: Cloud workload security: Mind the gaps
North Korean Hackers Turn VS Code Projects Into Silent Malware Triggers
Opening a project in a code editor is supposed to be routine. In this case, it is enough to trigger a full malware infection. Security researchers have linked an ongoing campaign associated with North Korean actors, tracked as Contagious…
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time…