Tag: software vulnerability

April 5, 2025

Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) ...

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

Apr 04, 2025Ravie LakshmananVulnerability / Open Source, The cascading supply chain attack that initially targeted Coinbase before becoming more widespread ...

Have We Reached a Distroless Tipping Point?

There's a virtuous cycle in technology that pushes the boundaries of what's being built and how it's being used. A ...

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Apr 04, 2025Ravie LakshmananMalware / Vulnerability Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure ...

OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

Apr 04, 2025Ravie LakshmananThreat Intelligence / Malware A novice cybercrime actor has been observed leveraging the services of a Russian ...

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

Apr 04, 2025Ravie LakshmananCritical Infrastructure / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less ...

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

Apr 04, 2025Ravie LakshmananVulnerability / Cloud Security A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library ...

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

April 3, 2025

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns ...

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

April 3, 2025