Security News

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
2025-03-19 11:35

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and...

GitHub Action hack likely led to another in cascading supply chain attack
2025-03-18 20:03

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that...

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
2025-03-18 15:43

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot...

Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
2025-03-18 13:02

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal. Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the...

How financial institutions can minimize their attack surface
2025-03-18 06:00

In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on balancing compliance...

BlackLock ransomware claims nearly 50 attacks in two months
2025-03-17 20:40

A ransomware-as-a-service (RaaS) operation called 'BlackLock' has emerged as one of the more active ransomware operations of 2025. [...]

Supply chain attack on popular GitHub Action exposes CI/CD secrets
2025-03-17 15:24

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build...

Improvements in Brute Force Attacks
2025-03-17 15:09

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths in symmetric cryptography are...

Critical RCE flaw in Apache Tomcat actively exploited in attacks
2025-03-17 13:29

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
2025-03-17 13:12

An unpatched security flaw impacting the Edimax IC-7100 network camera has been exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in...