Dark Reading

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Dark Reading

Attackers Hide Infostealer in Copyright Infringement Notices

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

What Can Log File Data Tell Me That Tools Can’t? – Ask An SEO

Understanding log file data can reveal crawl patterns, technical problems, and bot activity that traditional SEO tools cannot ...

GL Communications Strengthens ED-137 Recorder Testing for IP-Based Air Traffic Management Systems

MAPS (TM) is GL's protocol simulation and traffic generation platform, and its ED-137 Recorder Emulator application validates VoIP-based recorder interfaces in Air Traffic Management networks.

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Nvidia unveils Vera, an 88-core Arm CPU for AI and analytics racks

Unlike Nvidia's earlier Grace processors, which were primarily sold as companions to GPUs, Vera is positioned as a ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...