Hidden Chinese APT infrastructure tied to Salt Typhoon and UNC4841
The domains are believed to be part of a long-running campaign to gain long-term access to global organizations.
Cybersecurity News - Page 43
Massive NPM supply chain attack impacts packages with over 2.6B weekly downloads
The maintainer of widely used NPM packages, confirmed his account was hijacked following a sophisticated phishing attack.
GPUGate malware delivery chain targets IT professionals in Western Europe
The threat actors behind GPUGate used malvertising to display fake ads at the top of Google search results.
Massive GitHub supply chain attack exposes over 3,300 secrets across 800+ repos
The attack saw 327 GitHub accounts compromised, with malicious GitHub Actions workflows injected into 817 repositories.
SAP S/4HANA code injection flaw actively exploited in the wild
Successful exploitation gives the attacker the ability to act with administrative privileges in the SAP system.
Hackers compromised Drift platform via Salesloft GitHub account
Using the account, the intruders downloaded content from multiple repositories and then added a guest user and established workflows.
Cyber Security Week in Review: September 5, 2025
In brief: WhatsApp fixes a flaw used in a spyware campaign, threat actors exploit a zero-day in Sitecore, and more.
Hackers exploit exposed machine key in old Sitecore versions for RCE
The attackers are abusing a sample machine key that was included in Sitecore deployment guides from 2017 and earlier.
GhostRedirector campaign targets Microsoft servers with Rungan and Gamshen malware
Rungan allows attackers to execute commands on compromised servers, while Gamshen is designed to provide SEO fraud as-a-service.
Iran-aligned hacker group linked to global spear-phishing campaign targeting embassies
The campaign, described as “coordinated” and “multi-wave,” has been attributed to actors connected to Homeland Justice.
Showing elements 421 - 430