ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used… Read More "PlushDaemon compromises network devices for adversary-in-the-middle attacks"
Police in Germany and Spain have moved to shut down a new version of the Crimenetwork dark web marketplace. Spanish investigators arrested a 35-year-old German citizen at his home in Mallorca last week after liaising with the Frankfurt am Main… Read More "Police Shut Relaunched Crimenetwork Dark Web Marketplace"
Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots 20 Nov 2025 • , 5 min. read Whatever the reason, we spend vast amounts of time… Read More "Find your weak spots before attackers do"
A ShinyHunters campaign has resulted in the compromise of information belonging to over 197,000 customers of fashion outlet Zara, according to HaveIBeenPwned. The data breach notification service posted a brief note on its website explaining data stolen during an April… Read More "Zara Data Breach Impacts Nearly 200,000 Customers"
In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Multiple major incidents that occurred over the past several months, mainly associated with… Read More "NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks"
Why your business needs the best-of-breed combination of technology and human expertise 24 Nov 2025 • , 4 min. read When I was in my mid-teens, I decided to get a job in a small local garage to learn how… Read More "MDR is the answer – now, what’s the question?"
A UK water company has been fined nearly £1m ($1.4m) by the data protection regulator after a two-year-long incident resulted in the compromise of personal information on over 633,000 people. South Staffordshire Water and parent company South Staffordshire PLC agreed… Read More "South Staffordshire Water Fined £1m After Data Breach"
Ravie LakshmananJun 13, 2026Vulnerability / Enterprise Software Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253,… Read More "Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication"
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters. 25 Nov 2025 • , 4 min. read It’s not an easy time to be an influencer. Brands… Read More "How cybercriminals are targeting content creators"
Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, in another example of the dangers posed by the AI supply chain. AI security vendor HiddenLayer explained in a blog post that it had… Read More "Malicious Hugging Face Repository Typosquats OpenAI"
