PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors…
Month: September 2025
Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control
A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure.…
Mapping a Future without Cyber Attacks
After countless attacks across a multitude of organizations, the cyber security industry has a fairly good grasp of how adversaries work, the vulnerabilities they take…
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers…
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, September 18th, 2025, CyberNewsWire SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security…
LinkedIn now uses your data for AI by default, opt out now!
LinkedIn is making major changes to its User Agreement and Privacy Policy, effective November 3, 2025. Among the most notable updates, the company will now…
How CISOs Can Drive Effective AI Governance
AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to…
Teen hackers charged over Scattered Spider attack on TfL
Two men, named as Owen Flowers and Thalha Jubair, have today appeared before Westminster Magistrate’s Court in connection with a 2024 cyber attack on Transport…
APT28’s Recent Campaign Combined Steganography, Cloud C2 Into A Modular Infection Chain
APT28, the long-running actor tracked as Fancy Bear, Sofacy and Sednit, used a compact but technically sophisticated campaign that researchers documented as Phantom Net Voxel.…
New ‘shinysp1d3r’ Ransomware-as-a-service in Active Development to Encrypt VMware ESXi Environments
Emerging in mid-2025, the shinysp1d3r ransomware-as-a-service (RaaS) platform represents the next evolution of cloud-focused extortion tools. Unlike traditional ransomware that targets Windows endpoints or network…
New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development
EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such…
Cybersecurity For Consumers In the Age of AI
Cybersecurity Ventures predicts that the global cost of cybercrime it will surpass $10.5 trillion annually in 2025. When it comes to consumers, they’re being targeted more…