Security Bulletin

Atomic, Exodus wallets subjected to malicious npm package attack Attackers have been looking to compromise users of the Atomic and Exodus cryptocurrency wallets through the new "pdf-to-office" npm package spoofing a PDF to Microsoft Word document...

BleepingComputer reports that trojanized removable drives have been harnessed by the Russian state-sponsored threat operation Gamaredon, also known as Shuckworm, to distribute a new GammaSteel information-stealing malware variant in an attack...

Moroccan cybercrime operation Atlas Lion which sets its sights on major retailers, restaurants, and other gift card-giving organizations has been integrating their virtual machines into targeted entities' cloud domains via breached credentials to...

At CyberArk IMPACT 25, former CISA director Jen Easterly warns that without intelligent identity systems, AI-fueled cyberattacks will outpace defenses.

Domain controllers were breached in more than 78% of human-operated cyberattacks, warned Microsoft.

EC2 instance metadata can include sensitive information such as IAM role credentials.

Gladinet's platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.

Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that.

An executive order is targeting former Trump appointees, including former CISA director Chris Krebs and his current coworkers, in the latest in a series of directives against those who dissented against the president and his associates.