Tomiris uses public service based implants for stealthier C2 in attacks on government targets

A new wave of cyber attacks linked to the threat actor known as Tomiris has been identified targeting foreign ministries, intergovernmental bodies, and government institutions inside Russia. According to researchers, the actor aims to gain remote access inside sensitive networks and deploy additional malicious tools for long term operations. Kaspersky analysts Oleg Kupreev and Artem […]

CISA adds actively exploited XSS flaw CVE-2021-26829 in OpenPLC ScadaBR to KEV list

The United States Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding a cross-site scripting flaw that affects OpenPLC ScadaBR on both Windows and Linux systems. The decision follows confirmed evidence that the vulnerability is being actively used by attackers. The flaw, tracked as CVE-2021-26829 with a CVSS

Legacy Python bootstrap scripts create domain takeover risk in several PyPI packages

Cybersecurity researchers have identified insecure legacy code inside several Python packages that could allow attackers to compromise the Python Package Index (PyPI) through a domain takeover scenario. ReversingLabs reported that the issue originates from old bootstrap scripts associated with a build and deployment tool known as zc.buildout. According to researcher Vladimir Pezo, these bootstrap files

North Korean hackers use 197 npm packages to spread updated OtterCookie malware

A North Korean threat group linked to the Contagious Interview activity has continued its aggressive malware distribution by uploading 197 additional malicious packages to the npm registry since last month. Researchers at Socket confirmed that these packages have been downloaded more than 31000 times. Each of them is designed to install a modified version of

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan

A growing cyber espionage campaign linked to the threat group known as Bloody Wolf has widened its reach in Central Asia as the attackers continue delivering the NetSupport RAT through deceptive Java based loaders. The campaign, which initially focused on Kyrgyzstan in June 2025, has expanded to include Uzbekistan by October 2025, according to Group

Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update

Microsoft has announced a major update to strengthen the security of Entra ID authentication. Starting in October 2026, the company will block unauthorized script injection attacks through a revised Content Security Policy (CSP) for its login platform. Enhanced Security for Entra ID Sign-Ins The CSP update will focus on the sign-in experience at login.microsoftonline[.]com, allowing

Gainsight adds more affected customers after Salesforce security alert

Gainsight has confirmed that the recent suspicious activity involving its applications has affected more users than initially reported. The update follows a security alert issued by Salesforce regarding abnormal behavior linked to Gainsight published apps. More Customers Affected Than First Reported Salesforce originally identified three customers as impacted, but according to Gainsight, the list grew

RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service