Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web…
Fake Copyright Infringement Emails Spread Rhadamanthys
Attackers are triggering victims' deep-seated fear of getting in trouble in order to spread the sophisticated stealer across continents.
The Unsolvable Problem: XZ and Modern Infrastructure
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst…
New FASTCash malware Linux variant helps steal money from ATMs
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of…
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a…
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted…
Wisconsin DA investigating mayor’s removal of absentee ballot drop box
Mayor Doug Diny of Wausau, Wisconsin, posted a photo to social media showing himself removing an empty voting drop drop…
Timeshare Owner? The Mexican Drug Cartels Want You
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel…
New Eucleak attack lets threat actors clone YubiKey FIDO keys
A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers…
Innovator Spotlight: BackBox
Revolutionizing Network Security Automation I recently spoke with Rekha Shenoy, CEO of BackBox during the BlackHat conference, and her insights…