Hot Topics

Threats and Breaches

Stay current with latest developments in the hacking world. Explore topics, ranging from threats and breaches including data breaches to password hacks to malware. Readers can find posts updated hourly covering incidents around the world authored by some of leading experts and contributors in Cybersecurity industry.

Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern

SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern

| | CycloneDX, DevZone, Maven, SBOM, Vulnerabilities
In late 2023, a few members of the Apache Logging Services project – known for providing the famous Log4j logging framework – received funding from the Sovereign Tech Fund (STF) to enhance ...
Sonatype Blog

Prioritizing Vulnerabilities: A Growing Imperative

| | Vulnerability Management, vulnerability prioritization
Did a security breach just become your biggest nightmare? It’s a harsh reality for many companies. A whopping 76% of enterprise IT security executives reported business disruptions due to vulnerabilities... The post ...
Strobes Security

LockBit Hacker Sentenced To 4 Years Jail Plus Fined $860K

| | cryptocurrency, cyber extortion, Cyber Terrorism, cybercrime, Cybercrime Trends, Cybersecurity, Cybersecurity News, Data breach, Hacker Sentencing, International Cooperation, Justice System, law enforcement, Legal Proceedings, Lockbit, money laundering, Ransomware
Recent reports about legal proceedings, a 34-year-old Russian-Canadian national, Mikhail Vasiliev, has been handed a sentence of almost four years in Canadian prison. Vasiliev’s involvement in the global ransomware scheme known as ...
TuxCare
Multiple, unskippable notifications

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

| | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
vulnerability zero day

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

| | China-linked Hackers, google-security, spyware, Zero Day Attacks
The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google ...
Security Boulevard
AI vulnerability

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

| | Artificial Intelligence (AI), Best Practices, framework, Ray, vulnerability
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, ...
Security Boulevard
security data framework, data

How a Security Data Fabric Approach Can Transform the GRC Function

| | Compliance, data, data insight, GRC, security data fabric
Creating a security data fabric protects an organization’s investment in its security and other IT controls by identifying performance issues so they can be fixed ...
Security Boulevard
Vulnerability Management Lifecycle in DevSecOps

Vulnerability Management Lifecycle in DevSecOps

| | DevSecOps, Vulnerability Management
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management ...
GitGuardian Blog - Automated Secrets Detection
Smokey Bear / This-is-fine crossover

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

| | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
Load more