Ransomware in 2025: Blending in is the strategy
Ransomware attacks aren’t smash-and-grab anymore. They’re built on access that already looks legitimate — closer to positioning chess pieces than breaking the door down. That’s…
Author: Cybernoz
Silencing the EDR Silencers | Huntress
As many security practitioners know, tampering with Endpoint Detection and Response (EDR) products is a deep desire for threat actors and red teamers alike. I…
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and…
Google Unveils Ransomware Detection and File Restoration for Google Drive
Google has officially moved its ransomware detection and file restoration features for Google Drive into General Availability. Originally launched in beta in September 2025, the…
The US Military’s GPS Software Is an $8 Billion Mess
Last year, just before the Fourth of July holiday, the US Space Force officially took ownership of a new operating system for the GPS navigation…
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios…
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
Cybersecurity researchers at F5 have issued an urgent warning regarding a severe security flaw affecting their BIG-IP APM systems. Originally, the issue was dismissed as…
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we…
Axios supply chain attack chops away at npm trust
Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP Client for node.js, basically a helper tool that developers use behind…
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
Ravie LakshmananMar 31, 2026Zero-Day / Vulnerability A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a…
High Court dismisses judicial review against eVisa system
The High Court has dismissed the judicial review case against the Home Office’s electronic visa (eVisa) system, after concluding that the secretary of state has…
Intesa Sanpaolo Data Breach Draws €31.8M Fine
The Intesa Sanpaolo data breach has resulted in a €31.8 million fine from Italy’s data protection authority, after an investigation found serious lapses in how…