MUT-4831: Trojanized npm packages deliver Vidar infostealer malware
Analysis of a threat actor campaign targeting Windows users with Vidar infostealer malware via malicious npm packages - Read more
International Threats – Infection URLs Used in Regional Phishing Campaigns
By: Max Gannon, Intelligence TeamCofense Intelligence relies on over 35 million trained employees from around the world, and a considerable number of analyzed campaigns...
A runtime security approach to detecting supply chain attacks
Detecting software supply chain attacks through runtime security. - Read more
Google Cloud Platform (GCP) Google Security Operations SIEM Tenant Service Account of the SecOps...
Google Cloud Platform (GCP) Google Security Operations SIEM Tenant Service Account of the SecOps Instance Access Token Leak Tenable Research has identified and responsibly...
Google Cloud Platform (GCP) Google Security Operations IDE Code Execution Protection Bypass
Google Cloud Platform (GCP) Google Security Operations IDE Code Execution Protection Bypass Tenable Research has identified and responsibly disclosed a safety mechanism bypass vulnerability...
[R1] Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities
Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/03/2025 - 09:50
Tenable Identity Exposure leverages third-party software to help provide...
WordPress – Ultimate Dashboard exposed API Key
WordPress - Ultimate Dashboard exposed API Key Ultimate Dashboard allows to replace the default WordPress dashboard widgets with your own and give the WordPress...
Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are...
When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers winFollow our Australia...
Datadog threat roundup: Top insights for Q3 2025
Threat insights from Datadog Security Labs for Q3 2025. - Read more
Learnings from recent npm supply chain compromises
A look at recent npm supply chain compromises and how we can learn from them to better prepare for future incidents. - Read...
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
