Hackers have weaponized Zapier’s NPM account to deploy malware that automatically spreads across the open-source ecosystem. The worm steals credentials and creates over 19,000 public repositories containing exposed secrets, representing an unprecedented escalation in supply chain attacks.
The recent Snowflake data breach revealed how cloud security has fundamentally changed. Attackers bypassed traditional defenses using compromised credentials, accessing data from major companies like Ticketmaster. This signals a major shift in how organizations need to approach cloud protection.
The International Association for Cryptologic Research is running a new election after failing to complete its original vote. A trustee lost their private key, making it impossible to decrypt the results. The organization will implement new security procedures for the do-over election.
CrowdStrike has terminated an employee who allegedly passed internal information to hackers. The company claims its systems were never compromised despite screenshots showing access to internal dashboards. Law enforcement has been notified.
The Trump administration is overhauling US cyber strategy to take more aggressive action against hackers and nation-states. But with multiple agencies involved and international cooperation waning, execution remains the biggest challenge.
The EFF has filed a lawsuit against the Department of Justice and Department of Homeland Security seeking records about government communications with tech companies. The legal action follows failed FOIA requests regarding ICE tracking app takedowns in October. The case could reveal whether federal
Small businesses face dramatically increased cyberattack risks during the holiday season. New research shows 69% of business leaders reported being targeted, up from 47% just a year ago.
Windows 11 and Windows 10 are affected by a serious kernel-level security flaw that could let standard users gain full administrator privileges. The vulnerability stems from a race condition in the Windows kernel. Microsoft has already released security patches to address the issue.
Nearly half of critical infrastructure organizations lack basic email authentication, according to new research. The security gap leaves energy, chemical and water systems vulnerable to spoofing and ransomware attacks from weaponized AI.
Fortinet has confirmed a second zero-day vulnerability in its FortiWeb product being actively exploited in the wild. The bug allows authenticated attackers to execute unauthorized code, and security researchers suspect it’s being chained with a previous authentication bypass flaw. CISA has added it
