A critical vulnerability affecting the Context7 MCP Server, a widely used tool for delivering documentation to AI coding assistants, has been disclosed by security researchers. The issue, dubbed ContextCrush, could allow attackers to inject malicious instructions into AI development tools… Read More "ContextCrush Flaw Exposes AI Development Tools to Attacks"
North Korea’s Crypto Theft Operations: The Role of Lazarus Group in State-Sponsored Financial Warfare Lazarus Group cyberattack on Bitrefill highlights how North Korean hackers exploit crypto platforms via credentials and human error for theft. The latest Bitrefill cyberattack offers a revealing look into… Read More "Lazarus Group Bitrefill Cyberattack Crypto Threat"
Over the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent picture of tool proliferation that drives complexity, cost, and risk. The global cybersecurity market is valued at approximately $243 billion in… Read More "Escaping the COTS trap | CSO Online"
The risk of insider threats is on the rise and businesses are concerned about the cybersecurity implications of intentionally malicious or negligent employees, research by Mimecast has warned. According to the company’s State of Human Risk Report 2026, internal cybersecurity… Read More "AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns"
The North Korean threat actor blamed for the Axios supply chain attack has been aiming its social engineering campaign at various Node.js maintainers, Socket reports. The Axios attack occurred on March 31, when two malicious package versions were published to… Read More "North Korean Hackers Target High-Profile Node.js Maintainers"
UK Businesses Are Being Targeted Through Their Middle East Supply Chains — What to Do Now Middle East supply chain risk is exposing UK businesses to indirect cyber threats through vendors, dependencies, and geopolitical tensions. The conversation around cyber risk… Read More "Middle East Supply Chain Risk Impacting UK Cybersecurity"
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just… Read More "How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers"
“A .lnk file is how Windows handles shortcuts: Whenever you click on that Outlook icon on your desktop, you’re actually clicking on a separate file that uses the Outlook image and directs the operating system to open up Microsoft Outlook,”… Read More "North Korean hackers abuse LNKs and GitHub repos in ongoing campaign"
Cybersecurity remains the fastest-growing IT occupation in the UK, having seen its ranks expand by 194% since 2021, according to a new Socura report. The managed detection and response (MDR) specialist used Office of National Statistics (ONS) data to compile… Read More "Number of Cybersecurity Pros Surges 194% in Four Years"
A threat actor has targeted the Strapi ecosystem in a fresh supply chain attack involving 36 malicious NPM packages, according to supply chain security firm SafeDep. An open source headless CMS built on Node.js, Strapi allows developers to create websites… Read More "Guardarian Users Targeted With Malicious Strapi NPM Packages"
