Collaborate Disseminate
Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages. Continue reading Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks
Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing AI-driven security, ransomware resilience, supply chain risk management, ins… Continue reading Top 5 threats keeping CISOs up at night in 2025
Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. Once one of them is downloaded and executed on the developer’s machine, th… Continue reading Malicious ML models found on Hugging Face Hub
I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world. A major theme across all three conferences was the curr… Continue reading Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights str… Continue reading Key metrics for monitoring and improving ZTNA implementations
Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware. Continue reading StormBamboo Compromises ISP, Spreads Malware
Evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware and AI were the top trends, the office reported.
The post ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks appeared first on CyberScoop.
Continue reading ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious ma… Continue reading New open-source project takeover attacks spotted, stymied
A trio of top brass for Mandiant shared the emerging advanced tactics, techniques and procedures that they see troubling cyber professionals.
The post What keeps CISOs up at night? Mandiant leaders share top cyber concerns appeared first on CyberScoop.
Continue reading What keeps CISOs up at night? Mandiant leaders share top cyber concerns
The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of a long weekend for man… Continue reading XZ Utils backdoor update: Which Linux distros are affected and what can you do?