Tag: threat
-
RSAC Cryptographers’ Panel Highlights AI Defense Challenges
Missing: Threat Models to Defend Against Attacks in the Age of Agentic AI. AI continues to rapidly reshape the cybersecurity ecosystem in unforeseen ways, leaving for now unanswered the question about how to best defend against it, warned panelists at the 35th annual Cryptographers’ Panel at RSAC Conference. First seen on govinfosecurity.com Jump to article:…
-
An Evolving GlassWorm Malware is Making the Rounds of Code Repositories
Threat researchers with various vendors for the past year have been tracking the efforts of a bad actor dubbed GlassWorm known for dropping malicious extensions in code registries like npm, Open VSX, PyPI, and Microsoft’s Visual Studio Marketplace with the aim of stealing secrets and cryptocurrency. This month, threat researchers wrote about a resurgence in..…
-
CISA’s acting chief warns shutdown is increasing cyber risks, causing resignations
With CISA’s reduced capacity during the shutdown, Andersen said, the agency is largely limited to responding to imminent threats, protecting life and property, sharing critical vulnerability and incident information and keeping its 24/7 operation center up and running. First seen on therecord.media Jump to article: therecord.media/cisa-acting-chief-warns-shutdown-increasing-risks-leading-to-retention-issues
-
Seceon Wins Four Global InfoSec Awards at RSA 2026 and Launches ADMP and SeraAI 2.0 Autonomous SOC
Open Threat Management platform sweeps four award categories at RSA Conference while announcing ADMP and SeraAI 2.0. SAN FRANCISCO, March 24, 2026 /PRNewswire/, Seceon Inc., developer of the Open Threat Management (OTM) Platform, today announced four wins at Global InfoSec Awards 2026, presented at RSA Conference. The awards span MSSP enablement, critical infrastructure protection, First…
-
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bubble-ai-app-builder-abused-to-steal-microsoft-account-credentials/
-
‘Do not shift budgets to AI’: How businesses should and shouldn’t respond to evolving threats
Experts said companies rushing to buy AI services risked letting their existing, still-vital defensive measures deteriorate. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-changes-defense-offense-strategies/815716/
-
The Dark Side of DDoS: Why DDoS Downtime is Harder to Prevent
Cloudflare recently published data that offers clear insight into where the DDoS threat environment is heading. DDoS attacks are becoming larger, more frequent, and more sophisticated, with botnets reaching unprecedented scale. But beyond the headline numbers, the report also points to a broader shift that deserves closer attention. In this article, we’ll discuss some of..…
-
Before the Lights Go Out
How the ColorTokens Xshield platform and its integrated ecosystem stand between North America’s power grid and digital adversaries. Note: AI generated image, please ignore errors. Let us not pretend that the threat to North America’s Bulk Electric System is theoretical. In 2022, SANDWORM, Russia’s GRU-linked hacker collective, deployed Industroyer2 against Ukrainian high-voltage substations, a direct……
-
Skyhawk Security Adds Threat Actor Context to Cloud Attack Scenarios, Mapping Simulations to Known Adversaries
Skyhawk Security has added Threat Actor Context to its cloud security platform, giving security teams a way to understand simulated attack scenarios through the lens of known adversary behavior. The enhancement connects Skyhawk’s AI Red Team attack simulations to real-world threat actors, their campaigns, and affiliated CVEs. The capability goes beyond mapping to tactics, techniques,..…
-
State Department Launches New Bureau to Combat High-Tech Threats
The State Department has officially operationalized the Bureau of Emerging Threats (ET), a high-stakes unit designed to shield American interests from the weaponization of advanced technology by foreign adversaries. The bureau’s launch marks the culmination of a sweeping reorganization plan introduced nearly a year ago by Secretary of State Marco Rubio. While its existence was..…
-
Cloud Phones Linked to Rising Financial Fraud Threat
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cloud-phones-financial-fraud/
-
Broadcom Introduces Symantec CBX, Unifying Symantec and Carbon Black Into a Single XDR Platform
Broadcom has introduced Symantec CBX (Carbon Black XDR), a cloud-based platform that unifies Symantec and Carbon Black technologies into a single extended detection and response solution. The announcement was made March 23 at RSAC 2026 in San Francisco. The platform targets organizations that face serious threats but don’t have the staffing or budget to run..…
-
North Korean Hackers Are Turning VS Code Into a Silent Attack Tool
Developer environments are designed for speed, automation, and flexibility. Features like auto-run tasks and integrated scripting help streamline workflows, but they can also introduce new security risks when abused. New reporting from The Hacker News reveals that North Korean threat actors are exploiting auto-execution features in Visual Studio Code to execute malicious code on developer…
-
China-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy Campaign
China-linked threat actors have been identified targeting Southeast Asian military networks in a long-running cyber espionage campaign focused on intelligence collection and operational surveillance. The activity, tracked as CL-STA-1087, demonstrates a highly disciplined approach that combines custom malware, stealth techniques, and long-term persistence. Rather than large-scale data theft, the attackers focus on high-value intelligence such…
-
UK cyber chief urges ‘full court press’ to counter rising cyber threats
In a keynote speech at the RSA Conference, National Cyber Security Centre (NCSC) CEO Richard Horne said cyber risks are now “of greater consequence than ever before.” First seen on therecord.media Jump to article: therecord.media/uk-cyber-chief-urges-full-court-press-to-counter-risks
-
Why AI agents are one prompt away from ransomware
As AI adoption advances beyond chatbots, security leaders are up against rogue AI agents mirroring threat actors and a generational skills gap as security operations teams become overly dependent on AI First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640722/Why-AI-agents-are-one-prompt-away-from-ransomware
-
Gemini picks up criminal activity buried in dark web noise
To help teams make faster and more accurate decisions on emerging threats, Google has introduced a dark web intelligence capability in Google Threat Intelligence. Powered by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/google-dark-web-intelligence-capability/
-
Mirai Botnets Evolve Into Major DDoS and Proxy Abuse Threats
Mirai-based botnets have evolved from simple IoT malware into large-scale DDoS and proxy abuse platforms that now underpin record-breaking attacks and stealthy cybercrime operations. In total, over 21,000 C2 servers were observed between July and December 2025, with a notable shift towards abusing bots as residential proxies in addition to classic DDoS use. This growth…
-
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed.This incident is worrying, but there’s a scenario…
-
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teampcp-litellm-pypi-supply-chain/
-
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability allowed attackers to artificially boost download numbers, pushing malicious code to the top of the search results. This created a massive supply chain risk that could allow threat actors to run dangerous code on…
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
TeamPCP Backdoors LiteLLM Versions 1.82.71.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Beyond Intel Sharing: The Push Toward Cyber Disruption
Google Threat Intelligence’s Sandra Joyce on AI Threats and Active Defense. Sharing threat intelligence is no longer enough – the cybersecurity industry must operationalize it through coordinated takedowns and active disruption, says Sandra Joyce, vice president at Google Threat Intelligence. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/beyond-intel-sharing-push-toward-cyber-disruption-a-31160
-
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
Tags: attack, cyber, github, malicious, open-source, risk, software, supply-chain, threat, vulnerabilityA sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the incident highlights the severe risks of using mutable version tags in deployment automation. The attack…
-
How Quantum Threats Drive Encryption Changes
Alex Doll of Ten Eleven Ventures on Q-Day Risk Considerations. Quantum computing advances push security teams to replace encryption keys faster and adopt quantum-resistant algorithms. Investors and enterprises now treat Q-Day as a near-term risk, forcing changes in key management, PKI and cryptographic standards, says Alex Doll of Ten Eleven Ventures. First seen on govinfosecurity.com…
-
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ptc-warns-of-imminent-threat-from-critical-windchill-flexplm-rce-bug/