New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate ...

UK warns of Chinese hackers using proxy networks to evade detection

The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are ...

Regular Password Resets Aren’t as Safe as You Think

Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk ...

Microsoft: Some Teams users can’t join meetings after Edge update

Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining ...

CISA orders feds to patch BlueHammer flaw exploited as zero-day

CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has ...

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...

Cosmetics giant Rituals discloses data breach affecting customers

Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number ...

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.