Latest News

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.

iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US.

The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT workers schemes.

Kingsley Uchelue Utulu has been sentenced to more than 5 years in prison for his role in a scheme that involved hacking, fraud and identity theft.

President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders.

Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.

Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.

A reward is being offered for Maxim Alexandrovich Rudometov, who is accused of developing and managing the RedLine malware.

Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.