Rust-Written IronWorm Hits NPM Supply Chain

Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.

4 Critical Threats Where Attackers Have the Advantage

Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.

Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs

Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.

Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.

Tropical Blend: Cyber & Politics Ramp Up Across Latin America

China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.