428 article(s)
A new wave of automated attacks is exploiting the React2Shell vulnerability to steal credentials from AI, cloud, and payment platforms. Here’s how the campaign works—and why it’s a wake-up call for cybersecurity.
Recurring password resets and lockouts quietly drain organizations' resources and expose them to ongoing security risks. Investigate the hidden costs behind routine credential incidents and how smarter policies can finally break the cycle.
A judge in Empoli, Italy, has ruled that a bank must reimburse a customer whose account was emptied by cybercriminals using malware disguised as a Chrome update. The case exposes gaps in banking security and highlights when banks are—and aren’t—liable.
A sophisticated malware campaign is targeting traders on Reddit with fake TradingView Premium posts, infecting victims with Vidar and AMOS infostealers that steal credentials and crypto wallets. Discover how this scam operates and why 'free' software can cost you dearly.
A global, automated credential theft campaign is exploiting the React2Shell flaw in Next.js applications, allowing attackers to deploy the NEXUS Listener tool and steal sensitive data from hundreds of organizations. Experts warn immediate patching and credential rotation are critical to stop further breaches.
Legacy breach monitoring can’t keep up with modern infostealer threats. With billions of credentials compromised and sophisticated malware bypassing traditional defenses, organizations must adopt continuous, automated monitoring or risk devastating breaches.
A seemingly trustworthy AI proxy library on PyPI, hermes-px, was actually a sophisticated Trojan. It hijacked a university’s private AI service, injected stolen Anthropic Claude prompts, and sent users’ conversations straight to a cybercriminal’s database. Learn how this attack unfolded and what it means for open-source security.
A supply chain breach in the LiteLLM AI library unleashed infostealer malware onto thousands of developer workstations, harvesting credentials at scale and exposing a critical weakness in how organizations handle secrets. Here’s how it happened—and how to fight back.
Iranian cyber operatives have unleashed coordinated password-spraying attacks on Israeli and UAE government and energy organizations, aligning digital intrusions with missile strikes. Dive into the tactics, tools, and countermeasures shaping this new era of hybrid warfare.
A major credential theft campaign has compromised over 750 cloud servers by exploiting the React2Shell vulnerability. Using NEXUS Listener, attackers automated the extraction of cloud secrets, exposing organizations to severe risks and regulatory fallout.