Trust Under Pressure: DigiCert Revokes Certificates After Support Portal Breach

DigiCert recently revoked a number of digital certificates that were fraudulently obtained following a cyberattack on its internal support portal. The incident has raised serious concerns around the security of certificate issuance processes and the broader trust model that underpins secure internet communication. Digital certificates are foundational to online trust, enabling secure connections across websites, […]

Software Supply Chain Under Attack: Malicious npm Packages Target Developer Secrets

A new software supply chain attack has emerged, where threat actors weaponized npm packages linked to SAP ecosystems to steal sensitive credentials. These malicious packages were designed to extract secrets from developer environments, including access tokens for GitHub, cloud services, and AI-powered coding tools. This incident highlights how attackers are increasingly targeting the development […]

Phishing Campaigns Evolve as Attackers Exploit Trusted Cloud Platforms

A new phishing campaign is raising concerns by abusing legitimate services such as Google AppSheet, Netlify, and Telegram to target users of Facebook. By leveraging trusted platforms, attackers are making malicious campaigns harder to detect and more convincing for unsuspecting users. How the Attack Works: This campaign combines social engineering with legitimate infrastructure to deliver […]

AiTM Phishing Attacks Target Enterprise Platforms with Advanced Session Hijacking Techniques

A new wave of phishing campaigns is leveraging Adversary-in-the-Middle techniques to compromise enterprise cloud platforms such as Microsoft SharePoint, HubSpot, and Google Workspace. These attacks are more sophisticated than traditional phishing, allowing attackers to bypass multi-factor authentication and gain direct access to user sessions. This marks a significant escalation in how […]

Shifting Priorities in Cybersecurity: Google Rebalances Bug Bounty Rewards in the Age of AI

Google is recalibrating its bug bounty programs, signaling a notable shift in how modern security risks are being prioritized. Rewards for vulnerabilities in Google Chrome are being reduced, while incentives for Android security research are increasing. This move reflects the growing complexity of mobile ecosystems and the expanding role of AI in both offensive and […]

When Defenders Turn Threat Actors: Insider Risk in Cybersecurity Comes Into Focus

A recent case involving two United States-based security professionals has raised serious concerns across the cybersecurity community. Both individuals have been sentenced to prison for assisting a ransomware group, marking a rare but significant example of insiders crossing ethical and legal boundaries. This incident highlights a critical reality. Cybersecurity risks are not always external. […]

Critical Jenkins Plugin Flaws Highlight Ongoing Risks in CI/CD Pipelines

Recent security updates in Jenkins have addressed multiple high-severity vulnerabilities in widely used plugins, including path traversal and stored cross-site scripting issues. These flaws underscore the growing risks within CI/CD pipelines and the need for stronger security controls in development ecosystems. As organizations increasingly rely on automation for software delivery, vulnerabilities within […]

Exposed and Vulnerable: Internet-Facing VNC Servers Put Critical Infrastructure at Risk

A recent security finding has revealed hundreds of internet-facing VNC servers directly exposing industrial control systems and operational technology environments. This discovery raises serious concerns about the security posture of critical infrastructure across industries. VNC, commonly used for remote access, becomes a major risk when improperly configured or left open to the internet without […]