Cybersecurity

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Mini Shai-Hulud caught spreading credential-stealing malware
The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…

Google’s fix for critical Gemini CLI bug might break your CI/CD pipelines

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows
If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions,…

French prosecutors link 15-year-old to mega-breach at state’s secure document agency

Two computer crime allegations follow up to 18M lines of data surfacing online
French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents.…

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005

Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'
Nearly half of UK businesses are still getting breached, and in many cases, the attacker's big breakthrough is an employee clicking "sure, why not" on a fake login page.…

What type of ‘C2 on a sleep cycle’ do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

Just in time for the Trump-Xi summit
Exclusive: A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.…

Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

Emergency patches out now for those managing the millions of domains assumed to be affected
Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…

CISA flags data-theft bug in NSA-built OT networking tool

GrassMarlin leaks sensitive information, provided your targeted phishing skills are sharp enough
The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can use to snoop on sensitive information.…

GitHub: Woah, a genuinely helpful AI-assisted bug report that isn’t total slop. Here, Wiz, take this wad of cash

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award
Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a…

EU waves through open source age-check tool to keep kids safe online

'Online platforms can rely on our app,' says Commish, 'there are no more excuses'
The European Commission has recommended EU member states adopt an age verification app designed to protect children from harmful online content.…

GoDaddy customer claims registrar transferred 27-year-old domain without any security checks

32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected
GoDaddy is currently investigating claims that it handed complete control of a valid 27-year-old domain to another customer, without requiring them to pass any authentication processes or…

Copyright © 2026 Lugapel