Information Security News Blog
-
The United States has imposed stringent sanctions against the 1VPNS service and two affiliated individuals. According to American authorities, this illicit network facilitated the obfuscation of ransomware campaigns, cloaked malicious software, and actively aided...
-
A widely used browser extension may masquerade as a secure instrument for years. Meanwhile, a sophisticated surveillance apparatus lies dormant within. Consequently, Google and Microsoft purged ModHeader from their respective Chrome and Edge repositories....
-
Renowned cybersecurity researcher Nightmare-Eclipse has once again disclosed an unpatched local privilege escalation vulnerability affecting Windows 10 and 11. Orchestrated as a calculated act of retaliation, the researcher deliberately timed the public disclosure to...
Apple has accused OpenAI of trade secret theft after a former engineer allegedly exploited an unauthorized pathway to infiltrate the tech giant’s internal network from his new position. The iPhone maker contends that Chang...
A crippling six-week hiatus following a severe cyberattack proved fatal for ZEGO Textilveredelungszentrum. Consequently, the German textile manufacturer failed to overcome the resulting financial devastation. Therefore, the enterprise officially initiated bankruptcy proceedings. This Bavarian...
Malicious commands hidden within text or files have served as tools to breach artificial intelligence systems for years. Now, defenders of these systems have begun utilizing the very same tactic to protect their assets....
Attackers are compromising websites at scale and installing hidden tools on servers to maintain remote control. The campaign has hit numerous small and medium-sized organizations in Australia. However, the attacks extend well beyond any...
Malicious firmware can seize control of a device before Linux starts. It can remain nearly invisible to security software running at the OS level. Researchers at Binarly discovered six vulnerabilities in U-Boot. The open-source...
Corporate storage systems are rarely taken offline unless the risk is serious. Progress Software has asked customers to shut down their ShareFile Storage Zone Controller servers immediately. The request comes in response to a...
The Initial Compromise and Detection A stolen package registry key enabled a cybercriminal to execute a severe jscrambler supply chain attack. They successfully uploaded five infected versions of the npm package. These rogue versions...
Invisible Threats in Code Reviews A malicious pull request can bypass code reviews flawlessly. Days later, it compels an AI assistant to covertly exfiltrate project secrets. Attackers simply conceal instructions within an ordinary PNG...
Immediate Threat to Joomla Websites Two critical vulnerabilities in Joomla’s iCagenda and Balbooa Forms extensions face active exploitation. Furthermore, cybercriminals launched these attacks before developers could issue patches. Both flaws permit attackers to upload...
Predictability and Stability Refined A stable distribution is cherished above all for its unwavering predictability. Debian 13.6 reinforces this virtue beautifully. It introduces a substantial array of remedies for the Linux kernel, server software,...
Fraudsters have turned human trust into a global, multi-million-dollar industry. The latest coordinated strike against that industry is among the largest in recent years. Operation First Light 2026 brought together law enforcement from 97...
A ransomware negotiator is supposed to help victim organizations reduce what they pay. Angelo Martino did the opposite. He secretly told the attackers how much each client was willing to pay. He collected a...