Latest Cybersecurity News
View all →
Microsoft Azure Monitor alerts abused for callback phishing attacks
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your…
New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation
A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass…
New Critical Jenkins Vulnerabilities Put CI/CD Servers at Risk of RCE Exploits
The Jenkins project released a critical security advisory addressing multiple vulnerabilities in its core automation server and the LoadNinja plugin. These flaws expose continuous integration…
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Ravie LakshmananMar 21, 2026Malware / Threat Intelligence The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting…
Zopa Bank continues its transformation with further growth
Zopa Bank added half a million customers last year, and saw its profits grow by just over 90%, as its transformation into a bank enters…
Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s
Sarkar explained the underlying concern. “Structured lattices have patterns that could potentially be exploited in the future,” he said. “It is like having a lock…
Uncover Tomorrow’s Cyber Threats Today
Cyber threats are getting smarter, sneakier, and harder to catch. In 2024, we analyzed data from thousands of organizations and millions of endpoints and found…
Mid season reflection with Kim Jones.
In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have…
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub…