Cybersecurity researchers have uncovered a new supply chain attack involving malicious packages uploaded to the Python Package Index (PyPI) repository that secretly install a previously undocumented malware strain called ZiChatBot on both Windows and Linux devices. According to researchers at…
Many organizations believe that signing an incident response retainer agreement means they are prepared for a cyberattack. Security experts say that assumption is dangerously misleading. A retainer may guarantee that someone answers the phone during a crisis, but it does…
Microsoft has revealed details of a large-scale phishing campaign that tricked tens of thousands of users into handing over their login credentials by using convincing internal-style emails and advanced evasion tactics. The attack, observed between April 14 and April 16,…
The rapid adoption of artificial intelligence is creating new security challenges, with recent findings showing that many AI systems are being deployed with serious vulnerabilities. A study by Intruder reveals that modern AI infrastructure is often more exposed and poorly…
Cybersecurity researchers are warning that attackers are already exploiting a serious flaw in the open-source CMS MetInfo CMS, putting thousands of websites at risk. The vulnerability, tracked as CVE-2026-29014, carries a high severity score of 9.8 and allows attackers to…
Every time employees connect AI tools, automation platforms, or productivity apps to services like Google or Microsoft, they leave behind something many organizations fail to track, long-lasting OAuth tokens. These tokens often have no expiration, no automatic cleanup, and in…
A highly advanced cyber espionage group with ties to China has been linked to a wave of attacks against government institutions in South America and southeastern Europe, according to new findings from Cisco Talos. The threat group, tracked as UAT-8302,…
The Apache Software Foundation (ASF) has rolled out security updates to fix multiple issues in its HTTP Server, including a high-risk vulnerability that could allow attackers to execute code remotely. The flaw, tracked as CVE-2026-23918 and rated 8.8 on the…
A cyber campaign known as Contagious Interview, believed to be linked to North Korean threat actors, is expanding its reach by planting malicious packages across several major developer ecosystems. Security researchers have discovered that the attackers are disguising malware as…
Cybersecurity researchers have uncovered details about a stealth-focused botnet known as Masjesu, a growing threat built to launch distributed denial-of-service (DDoS) attacks while staying under the radar. First appearing around 2023, Masjesu has been promoted on Telegram as a paid…
