Nov 28, 2025Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been… Read More "North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware"
Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply… Read More "Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages"
Nov 28, 2025The Hacker NewsEnterprise Security / Threat Detection As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators,… Read More "Why Organizations Are Turning to RPAM"
Nov 28, 2025Ravie LakshmananEmail Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. “When users operate as… Read More "MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants"
Nov 27, 2025Ravie LakshmananMalware / Social Engineering The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of… Read More "Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan"
Nov 27, 2025Ravie LakshmananWeb Security / Zero Trust Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims… Read More "Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update"
Nov 27, 2025Ravie LakshmananCybersecurity / Hacking News Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative… Read More "AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories"
Nov 27, 2025Ravie LakshmananRansomware / Cloud Security Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it… Read More "Gainsight Expands Impacted Customer List Following Salesforce Security Alert"
Nov 26, 2025The Hacker NewsSoftware Security / Patch Management If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams.… Read More "Learn to Spot Risks and Patch Safely with Community-Maintained Tools"
Nov 26, 2025Ravie LakshmananBrowser Security / Cryptocurrency Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency… Read More "Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps"
