  • npm Security Changes Target Software Supply Chain Risks

    Software supply chain attacks have become one of the biggest threats facing developers, and npm is preparing significant changes to reduce that risk. GitHub announced new security controls for npm that will limit automatic package installation behaviors and require developers to explicitly approve actions that attackers commonly abuse. The changes represent one of the most…

  • PeopleSoft Breach Claims Put Oracle Customers on Alert

    Organizations that rely on Oracle PeopleSoft are investigating potential exposure after the ShinyHunters cybercrime group claimed it breached hundreds of environments and stole sensitive data. The group has reportedly begun contacting victims directly, adding pressure on organizations already trying to determine whether their systems were affected. The claims have raised concerns across sectors that depend…

  • ServiceNow Security Incident Triggers Customer Data Concerns

    ServiceNow confirmed a security incident after attackers exploited a vulnerability and gained unauthorized access to data stored in hosted customer environments. The company patched the flaw and notified affected customers, but the disclosure renewed concerns about the security of enterprise cloud platforms that store large volumes of business information. The incident highlights the growing risks…

  • JDY Botnet Expansion Fuels New Security Concerns

    The JDY botnet has grown into one of the most closely watched cyber threats targeting internet-connected infrastructure. Security researchers recently identified a sharp increase in compromised routers and edge devices linked to the operation, raising fresh concerns about China’s cyber capabilities and the infrastructure that supports long-term espionage campaigns. The latest findings suggest the botnet…

  • Fake Spotify Premium Videos Spread Password-Stealing Malware

    Cybercriminals are using TikTok and Instagram videos to trick users into infecting their own devices with malware. Researchers recently uncovered a campaign that promotes fake Spotify Premium activations and other software “hacks” through social media tutorials. Instead of unlocking paid features, the instructions install information-stealing malware capable of harvesting passwords, financial data, and cryptocurrency wallet…

  • RoguePlanet Zero-Day Exposes New Windows Defender Risk

    A security researcher known as Nightmare-Eclipse has disclosed a new Windows Defender zero-day called RoguePlanet. The exploit abuses a flaw in Microsoft’s antivirus platform and allows attackers to elevate privileges to SYSTEM level. The release adds another chapter to the ongoing conflict between the researcher and Microsoft, which has already seen multiple public zero-day disclosures…

  • Windows Zero-Days Patched After Months of Public Exposure

    Microsoft has finally patched three Windows zero-days that remained publicly exposed for months after a security researcher released technical details and proof-of-concept exploits online. The vulnerabilities, known as YellowKey, GreenPlasma, and MiniPlasma, attracted significant attention because they affected fully updated systems and exposed weaknesses in core Windows components. The fixes arrived as part of Microsoft’s…

  • Ivanti Sentry Flaw Earns Maximum Severity Rating

    A newly disclosed Ivanti Sentry flaw has received the highest possible severity rating after security researchers discovered that attackers could execute code as root on vulnerable systems. The vulnerability affects Ivanti Sentry, a product widely used by organizations to manage secure access between mobile devices and enterprise networks. Because the flaw requires no authentication, attackers…

  • ServiceNow Security Incident Prompts Investigation Into Data Exposure Claims

    A ServiceNow security incident has triggered an internal investigation after a threat actor claimed to possess company-related data and attempted to sell the information online. The software giant confirmed that it is examining the situation, but the company has not verified the full extent of the claims. The incident has attracted significant attention because ServiceNow…

  • Tchap Breach Raises Questions About French Government Messaging Security

    A Tchap breach has triggered a cybersecurity investigation in France after a hacker claimed to have accessed data linked to the government’s official messaging platform. The incident has attracted significant attention because French authorities actively promoted Tchap as a secure alternative to foreign communication services used across the public sector. While investigators continue to assess…