Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket’s…
Author: Cybernoz
World Password Day: Your Reminder That “123456” Is Still Not Okay
Every year, World Password Day rolls around like clockwork. Falling on the first Thursday of May every year, we cross our fingers hoping folks have…
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a…
How has US pushback affected UK DEI?
US organisations are rolling back their diversity, equity and inclusion programmes, which is likely to have an impact on tech companies in the UK with…
Google pours billions into AI, cyber and infrastructure expansion
Dive Brief: Google continued to ratchet up spending on technical infrastructure to meet growing demand for cloud compute services during the first three months of…
Mobile Security alert as 50% of mobiles host obsolete operating systems
A recent report from Zimperium zLabs has revealed a disturbing trend in the mobile technology landscape: nearly 50% of mobile devices worldwide are running on…
New Powerful Nullpoint-Stealer With Extensive Capabilities Hosted on GitHub
A sophisticated new information-stealing malware toolkit called “Nullpoint-Stealer” has recently been published on GitHub, raising concerns among cybersecurity professionals about its potential for misuse despite…
Context-Driven Security: Bridging the Gap Between Proactive and Reactive Defense
As cyber threats become more sophisticated, security teams struggle to shift from reactive trouble shooting to deploying strategic, proactive defenses. Disconnected tools and siloed data…
![[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security](https://image.cybernoz.com/wp-content/uploads/2025/05/tldr-sec-277-Cybersecurity-AntiPatterns-64K-from-Deleted-Files.png)
[tl;dr sec] #277 – Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security
How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta I hope you’ve been…
Researchers Find Way to Bypass Phishing-Resistant MFA in Microsoft Entra ID
Cybersecurity researchers have uncovered a sophisticated technique to bypass Microsoft’s phishing-resistant multi-factor authentication (MFA) by exploiting the device code authentication flow and Primary Refresh Tokens…
Think Twice Before Creating That ChatGPT Action Figure
At the start of April, an influx of action figure started appearing on social media sites including LinkedIn and X. Each figure depicted the person…
Crypto Agility: Preparing for the Post-Quantum Shift
Many enterprises believe their encryption is secure—until a new threat proves otherwise. Quantum computing and evolving cryptographic risks are forcing security teams to rethink their…