Ravie LakshmananFeb 25, 2026Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role… Read More "Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware"
When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there. These digital predators don’t rely on brute force, but are patient, tactical, and they exploit one weakness above all: human… Read More "Know the red flags: Business email compromise signs to look out for"
A newly identified malware strain built for covert, long-term access to compromised systems has been documented in recent security research. Dubbed PDFSIDER by Resecurity, the threat is delivered through Dynamic-Link Library (DLL) side-loading and is engineered to install an encrypted… Read More "Researchers Uncover PDFSIDER Malware – Infosecurity Magazine"
Critical WordPress, BeyondTrust, Honeywell CCTV, and PUSR router vulnerabilities surfaced on underground forums, while CISA issued 8 ICS advisories impacting critical manufacturing sectors. Cyble Research & Intelligence Labs (CRIL) tracked 1,102 vulnerabilities last week. Of these, 166 vulnerabilities already have publicly available Proof-of-Concept (PoC)… Read More "Cyble Weekly Vulnerability Reports New Flaws And Vulnerabilities"
Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. These devices—laptops, desktops, servers, IoT, and more—are like unlocked doors waiting for threat actors to stroll through. And here’s the kicker: many of these vulnerabilities… Read More "Take control: Locking down common endpoint vulnerabilities"
One of the world’s biggest marketplaces for fraudsters appears to be closing down its Telegram operations following sweeping sanctions imposed by the US and UK. London-based blockchain analytics company Elliptic revealed that Tudou Guarantee, which has become a staple of… Read More "Scam Marketplace Tudou Guarantee Shutters Telegram Ops"
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense… Read More "Manual Processes Are Putting National Security at Risk"
Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and… Read More "Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors"
The UK’s National Health Service (NHS) has outlined plans to proactively work with suppliers to improve cybersecurity resilience across the healthcare and social care system in an open letter issued on January 22. The move follows the voluntary cybersecurity supply… Read More "NHS Issues Open Letter Demanding Improved Cybersecurity Standards"
Ravie LakshmananFeb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian… Read More "Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker"
