The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption…
Author: Cybernoz
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
A threat actor has been exploiting vulnerable Next.js applications to compromise systems and exfiltrate credentials at scale, Cisco’s Talos security researchers warn. Tracked as UAT-10608,…
Hong Kong Hospital Authority apologises for data breach involving 56,000 patients
Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving more than 56,000 patients served by the Hospital Authority, which reported the…
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability,…
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is pacing back and forth on the stage, with his trademark dark blonde ponytail resting on an impeccable teal suit. A seasoned speaker,…
NERC CIP-014 Standard Explained | Huntress
We sat down with Brian Harrell, VP of Security at AlertEnterprise, and talked about the NERC CIP-014 Standard. If you aren’t familiar with CIP-014 or…
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. According to the company’s…
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In
A dangerous attack chain in Progress ShareFile that can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed…
Hackers Are Posting the Claude Code Leak With Bonus Malware
A WIRED investigation based on Department of Homeland Security records this week revealed the identities of paramilitary Border Patrol agents who frequently used force against…
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and…
Which messaging app takes the most limited approach to permissions on Android?
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions…
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026.…