Security News

Critical Cisco Smart Licensing Utility flaws now exploited in attacks
2025-03-20 19:05

Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. [...]

Critical GitHub Attack
2025-03-20 15:14

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which...

GitHub Action supply chain attack exposed secrets in 218 repos
2025-03-20 14:34

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to...

TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure”
2025-03-19 21:28

Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia.

Ukrainian military targeted in new Signal spear-phishing attacks
2025-03-19 20:30

Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and...

WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
2025-03-19 16:02

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab. [...]

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
2025-03-19 11:35

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and...

GitHub Action hack likely led to another in cascading supply chain attack
2025-03-18 20:03

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that...

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
2025-03-18 15:43

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot...

Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
2025-03-18 13:02

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the...