Latest about Cyber Security
Rapid7 observes new Palo Alto VPN flaw exploited in the wild to bypass GlobalProtect authentication
A flaw fixed last month is now being used in real-life attacks, and security researchers are urging users to patch.
Compromised Red Hat npm packages downloaded over 80,000 times in one week – supply chain attack still ongoing
Security researchers spotted a new campaign using the same methods as TeamPCP.
Ransomware groups grow revenue by almost 40% in Q1 2026
Initial Access Brokers are removing a major pain point helping ransomware operators steal more.
Thousands of compromised websites abused by DriveSurge in active ClickFix and FakeUpdates campaigns
SilentPush is warning about an Intial Access Broker campaign called DriveSurge that uses thousands of websites to deploy a backdoor.
OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens
A tool started benign and turned sour after a little while, stealing tokens and granting persistent access.
Multiple Linux distros hit by major 'CIFSwitch' flaw that gives attackers root access
If you're using Linux, make sure you patch up and disable unnecessary file sharing features.
WP Maps Pro plugin flaw to create admin accounts on WordPress sites saw 3,600 attempts in a single day
Thousands of attacks were seen in a single day as a patch is rolled out.
17 million strong botnet of compromised devices dismantled by Dutch authorities
The botnet is theorized to be related to Asocks, with the possibility the proxy network has bitten the dust.
