A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers’ systems. The...
Cloud security firm Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during a recent CircleCI security breach. However,...
The Vice Society ransomware gang has claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to reconstruct its...
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. Tracked as...
Popular DevOps platform CircleCI has blamed an attack that successfully planted malware on an internal engineer’s laptop for a recent security breach. The attack, acknowledged on January 4, prompted...
The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country’s largest beverage alcohol retailer, revealed that unknown attackers had breached its website...
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier...
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online,...
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver)...
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. The security flaw (CVE-2022-42475) abused...