The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. […]
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens Read More »
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. […]
FCC bans new routers made outside the USA over security risks Read More »
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below – checkmarx/ast-github-action checkmarx/kics-github-action Cloud security
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials Read More »
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage Read More »
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below – CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) – Race condition
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks Read More »
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware Read More »
Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. […]
Microsoft fixes bug causing Classic Outlook sync issues with Gmail Read More »
Passing MFA doesn’t mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. […]
Zero Trust: Bridging the Gap Between Authentication and Trust Read More »
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. […]
HackerOne discloses employee data breach after Navia hack Read More »
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. […]
Infinite Campus warns of breach after ShinyHunters claims data theft Read More »