Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns, according to researchers at ReversingLabs.  The researchers noted that the packages pose a dual threat, affecting application…

A 53-year-old man from Tracy, California, has recently been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.  The suspect, Rambler Gallo, has been charged with “transmitting a…

Security researchers at security firm Pradeo have discovered two file management applications hosted on Google Play, with more than 1.5 million combined downloads, that are sending user data to servers in China.  Published to Google Play by the same…

The U.S. government’s cybersecurity agency CISA recently warned that hackers linked to the Truebot malware operation are exploiting a known vulnerability in the Netwrix Auditor application to break into organizations in the U.S. and Canada.  In a…

Cisco recently discovered a critical security flaw in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature, potentially allowing hackers to read or alter inter-site encrypted traffic.  The vulnerability (CVE-2023…

Energy giant Shell has recently confirmed that personal information belonging to employees has been compromised due to the recent MOVEit Transfer hack.  In a brief statement issued on Wednesday, Shell finally confirmed being hit by the MOVEit hack,…

A data breach at independent bottling company Pepsi Bottling Ventures recently impacted more than 28,000 individuals.  Discovered on January 10, the data breach occurred between December 23, 2022, and January 19, 2023, and resulted in the personal,…

Police have recently announced the arrest of an individual they believe to be a key figure in a prolific cybercrime group that has stolen at least $11m from banks and telcos over a four-year period.  Interpol stated that it worked with the…

Security researchers at VulnCheck have found that hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec.  Contec specializes in custom…

The Nagoya Port Unified Terminal System (NUTS) in Japan recently suffered a significant system outage that was attributed to a ransomware attack.  According to a notice (in Japanese) sent to customers, the attack disrupted container operations…

Microsoft has recently hit back at claims from Anonymous Sudan that it managed to breach the company and obtain account access for tens of millions of customers.  Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet…

According to security researchers at Bishop Fox, approximately 69% of FortiGate firewalls affected by a recently discovered FortiOS vulnerability remain unpatched.  The flaw CVE-2023-27997 could lead to remote code execution (RCE).  It was…