China Software Developer Network – 6,414,990 breached accounts
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords. - Read more
London councils enact emergency plans after three hit by cyber-attack
Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hackThree London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which...
npm (Shai-Hulud) Supply Chain Attack
What is the Attack? On November 24, 2025, Shai Hulud launches a second supply-chain attack, compromising Zapier, ENS, AsyncAPI, PostHog, and Postman, along with over 25,000 affected repositories across ~350 unique users. Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS...
Behind the Bargains: Why Phishing Peaks on Black Friday
Black Friday has evolved into one of the most active shopping periods of the year. No longer is it just one day of shopping after Thanksgiving; the sales have now turned into a full week of high-volume promotions, beginning before Thanksgiving and stretching through Black Friday and Cyber Monday, with many retailers extending deals even longer. Unsurprisingly, this surge...
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
Learn more about the Shai-Hulud 2.0 npm worm. - Read more
Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities
Over a dozen exploits were used to target IoT devices. - Read more
New “Generation Y” Hierarchy of Root and Intermediate Certificates
In a ceremony held in September, Let’s Encrypt generated two new Root Certification Authorities (CAs) and six new Intermediate CAs, which we’re collectively calling the “Generation Y” hierarchy. Now we’re moving to begin issuing certificates from this new hierarchy, and to submit it to various root programs for inclusion in their trust stores.
The two new roots look very similar...
Why Datadog is a 2025 Cloud Security Leader
A recap of Datadog's awards from the 2025 Latio Cloud Security Market Report - Read more
Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform
The two-wave attack reached a peak of 1.8 Tbps. - Read more
Latest article
Why AI, Zero Trust, and modern security require deep visibility
AI. Automation. Zero Trust. They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them...
Samsung MagicINFO Server Multiple Vulnerabilities
Samsung MagicINFO Server Multiple Vulnerabilities MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were...
Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files
Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites.
The post Perplexity AI Browser Flaw...
Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners
Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated...
