A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus…
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw…
Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven…
Leicester-based Cambridge and Counties Bank has been using a modern middleware platform from SnapLogic to help it drive out manual processes. Chief transformation officer (CTO)…
Security researchers warn that two recently disclosed vulnerabilities in Fortinet FortiWeb can be exploited in attacks targeting earlier, unsupported versions of the web application firewall…
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. The two high-severity vulnerabilities are…
Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business leaders. The mercenary…
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources,…
A security alert has been issued by software security firm Socket, revealing that North Korean threat actors have dramatically escalated their ongoing Contagious Interview attack.…
This week on the Lock and Code podcast… It’s often said online that if a product is free, you’re the product, but what if that…
Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace…
By Published: 02 Dec 2025 The UK government’s Cyber Security and Resilience Bill (CSRB) was finally published in November 2025, and the language in which…
