In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Multiple major incidents that occurred over the past several months, mainly associated with… Read More "NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks"
Why your business needs the best-of-breed combination of technology and human expertise 24 Nov 2025 • , 4 min. read When I was in my mid-teens, I decided to get a job in a small local garage to learn how… Read More "MDR is the answer – now, what’s the question?"
A UK water company has been fined nearly £1m ($1.4m) by the data protection regulator after a two-year-long incident resulted in the compromise of personal information on over 633,000 people. South Staffordshire Water and parent company South Staffordshire PLC agreed… Read More "South Staffordshire Water Fined £1m After Data Breach"
Ravie LakshmananJun 13, 2026Vulnerability / Enterprise Software Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253,… Read More "Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication"
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters. 25 Nov 2025 • , 4 min. read It’s not an easy time to be an influencer. Brands… Read More "How cybercriminals are targeting content creators"
Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, in another example of the dangers posed by the AI supply chain. AI security vendor HiddenLayer explained in a blog post that it had… Read More "Malicious Hugging Face Repository Typosquats OpenAI"
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools 28 Feb 2026 With the second month of 2026 (almost) behind us, it’s time for ESET Chief Security… Read More "This month in security with Tony Anscombe – February 2026 edition"
Cybercriminals have combined ClickFix attacks with PySoxy, a 10-year-old open-source Python SOCKS5 proxy, to maintain persistence on victims’ machines without malware, even after attempts at removal. The campaign has been detailed by cybersecurity researchers at ReliaQuest, who warned that it… Read More "Attackers Combine ClickFix With PySoxy to Maintain Persistence"
After WIRED reported last week that Meta’s smart glasses app contained code that would enable the company to activate face-recognition features on the devices, the company removed the code this week without commenting on why or whether it plans to… Read More "The FCC Wants to Kill Burner Phones"
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? 04 Mar 2026 • , 5 min. read For the… Read More "How MDR can tip the balance in favor of schools"
