
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft Defender has identified a coordinated campaign that weaponizes seemingly legitimate Next.js repositories to compromise developers. The malicious projects, often presented as interview assessments, exploit Visual Studio Code workspace automation, build‑time scripts, and server startup routines to fetch and execute JavaScript payloads from Vercel‑hosted endpoints. By leveraging normal Node.js workflows, the attackers establish a command‑and‑control channel without traditional installers, exfiltrating environment variables, cloud keys, and API tokens. Microsoft urges organizations to treat developer tooling as a critical attack surface and harden trust boundaries.

From the Outside In: A Smarter Approach to Vendor Access
Security teams increasingly view vendors and contractors as the most vulnerable entry points, exposing gaps in traditional employee‑centric access controls. Boon Edam advocates an “outside‑in” strategy that places layered verification at the perimeter, limiting tailgating and ad‑hoc credential use. By shifting...

Fake Zoom Meeting Silently Installs Surveillance Software, Says Malwarebytes
Malwarebytes uncovered a new fake‑Zoom meeting scam that silently installs a covert build of the Teramind employee‑monitoring tool on Windows workstations. Victims are lured by a realistic Zoom waiting room, then an automatic “Update Available” countdown triggers a silent download...

Ransomware Is the Invoice for Compounding Technical Debt
Ransomware attacks are increasingly being framed as the overdue invoice for years of accumulated technical debt. Experts highlight that identity sprawl, inconsistent patching, and legacy backup systems create fertile ground for ransomware to cripple organisations. A Rubrik survey found 95%...

Beyond the Queue: Smarter Security Will Ultimately Shape the Future of Global Air Travel
Airports in 2026 face a rapidly evolving threat matrix that blends physical, digital and human risks, from sophisticated stowaways and drone incursions to a 600% surge in cyber‑attacks. Balancing passenger convenience with robust security is no longer optional—it defines the...

Sektor Signs up Concentric AI to A/NZ Distie Portfolio
Sektor has entered a distribution agreement with AI and data‑security‑governance vendor Concentric AI to serve the Australian and New Zealand market. As an authorised distributor, Sektor will equip its channel partners with enablement, go‑to‑market support and local expertise, positioning Concentric AI’s platform for...

Phishing Campaign Targets Freight and Logistics Orgs in the US, Europe
A financially motivated group called Diesel Vortex has been running a phishing campaign against freight and logistics operators in the U.S. and Europe since September 2025. Using 52 domains and Cyrillic homoglyph tricks, the actors stole 1,649 unique credentials from...

What Does Business Email Compromise Look Like?
Business email compromise (BEC) continues to surge, costing $2.7 billion in 2022—a 12.5% increase over the prior year. Attackers masquerade as CEOs, HR staff, or trusted vendors, using deep reconnaissance, AI‑generated voice cloning, fake invoices, QR codes, and conversation hijacking to...

What Are the Types of Ransomware Attacks?
Ransomware has evolved into a multi‑strain ecosystem, ranging from classic crypto ransomware that encrypts data to double‑extortion variants that also threaten public leaks. Newer models such as encryption‑less, locker, scareware, and Ransomware‑as‑a‑Service (RaaS) broaden the attack surface and lower the...

Q&A: Palo Alto’s Eric Trexler Urges Identity-First, AI-Secure, Platformized Cyberdefenses
Eric Trexler, senior VP for the public sector at Palo Alto Networks, highlighted the federal government’s massive, fragmented cyber‑attack surface and the $27 billion FY 2025 cybersecurity budget, of which roughly $1.8 billion targets identity management. He noted that while agencies have made...

US Imposes Cyber-Related Sanctions on Russian, UAE Individuals and Entities
The U.S. Treasury announced cyber‑related sanctions on four individuals and three entities, including parties in Russia and the United Arab Emirates. The measures target those involved in acquiring and distributing malicious cyber tools that threaten U.S. national security. The sanctions...

1Password’s Annual Subscription Plans Are Getting a Price Hike Next Month
1Password announced a price increase for its annual plans effective March 27 2026. Individual subscriptions will rise to $47.88 per month and family plans to $71.88 per month, representing a $12 yearly bump. The company attributes the hike to added value and...

Lift Cybersecurity, Warns Report
Australian government agencies are urged to upgrade cybersecurity after Cisco and the University of Canberra released the "Securing the Nation" report. The study highlights that 59% of federal agencies view legacy, end‑of‑life technology as a top security challenge and warns...

Discord Is Delaying Its Controversial Age Verification Methods Due to Backlash: ‘We’ve Made Mistakes’
Discord announced a global age‑verification rollout featuring facial scans and ID uploads, but user backlash forced a delay. CTO Stanislav Vishnevskiy admitted the company failed to explain the process clearly, especially after a 2024 breach that exposed 1.5 TB of verification...

DISA's $201M Browser Contract Shows Resellers Still Have a Role to Play
DISA has issued a $201 million solicitation for cloud‑based internet isolation (CBII), requiring authorized Menlo Security resellers to deliver a managed service. Menlo Security supplies the underlying remote‑browser platform, while resellers will operate, integrate, and support the solution within DISA’s security...

ADVP Expects Digital Identity Consultation to Play by Rules of Data Act, DIATF
The Association of Digital Verification Professionals (ADVP) has urged the UK government to shape its upcoming digital‑identity consultation around the Data (Use and Access) Act 2025, warning that a single, government‑only wallet would lock out the private sector. ADVP argues...

Blumira Lands in Pax8 Marketplace, MSPs Get a Scalable Path to Managed SIEM
Blumira has entered the Pax8 Marketplace, allowing managed service providers (MSPs) to purchase, provision, and bill a full‑stack security operations platform through the same portal they use for cloud services. The integration eliminates separate sales and onboarding steps, enabling MSPs...

‘It’s Not over’: Cyber Info-Sharing Center Begins ‘Next Chapters’ After Losing Federal Funding
The Multi-State Information Sharing and Analysis Center (MS-ISAC) lost its federal grant in September 2025 and transitioned to a dues‑paying model. Sixteen states and territories are now full members, while eight additional states have purchased services for all their agencies....

Accelerating Federal Cloud Modernization
Federal agencies are accelerating cloud modernization, but must first close gaps in data readiness, cybersecurity, and legacy infrastructure. Officials from the Centers for Medicare & Medicaid Services, the Department of Energy, and NinjaOne discussed prerequisites for hybrid and multi‑cloud success....

Cost of Insider Incidents Surges 20% to Nearly $20m
The DTEX Cost of Insider Risks 2026 report, based on 8,750 security practitioners, finds average insider‑related losses of $19.5 million per organization, with employee negligence—largely driven by shadow AI—accounting for 53% of that cost. Negligence losses rose 17% year‑on‑year, pushing total...

Google Patches Three High-Severity Chrome Flaws
Google released a Chrome security update that fixes three high‑severity vulnerabilities (CVE‑2026‑3061, CVE‑2026‑3062, CVE‑2026‑3063). Two of the flaws involve out‑of‑bounds memory reads, while the third adds out‑of‑bounds writes in the WebGPU shader compiler. The bugs affect Chrome’s media stack, the...

Marquis Sues Firewall Provider SonicWall, Alleges Security Failings with Its Firewall Backup Led to Ransomware Attack
Fintech firm Marquis has filed a lawsuit against firewall vendor SonicWall, alleging that a 2025 breach of SonicWall’s cloud backup service exposed critical firewall configuration data. The compromised backup files allegedly gave threat actors the keys to bypass SonicWall defenses,...

Greater Pittsburgh Orthopaedic Associates Disclosed a 2025 Breach, but Was There Also One in 2024?
Greater Pittsburgh Orthopaedic Associates disclosed a data breach that began around August 10, 2025, affecting tens of thousands of patients. The group reported 35,000 records to HHS in August 2025, but a February 2026 filing to the Maine Attorney General raised the figure...

Multifaceted Phishing Scheme Deceives Bitpanda Customers
Cybersecurity firm Cofense uncovered a sophisticated phishing campaign that impersonates cryptocurrency broker Bitpanda. The fake site replicates Bitpanda’s login and adds a counterfeit multi‑factor authentication flow to harvest credentials, names, phone numbers, addresses, and birth dates. Attackers host the clone...

Mobile Credentials Provide Safer, More Seamless Security: HID
Mobile credentials are rapidly gaining traction in higher‑education campuses and commercial‑real‑estate portfolios, driven by seamless integration with smart‑building and HR systems. HID’s 2025 State of Security and Identity report shows that 69% of security leaders have deployed or plan to...

SMEs Urged by Government to “Lock the Door” Against Cybercriminals
The UK Government has launched a new campaign urging small‑ and medium‑size enterprises to adopt the Cyber Essentials framework after research showed that 50% of SMEs suffered a cyber attack in the past year. The study also revealed that cyber...

How to Use Cyber-Deception in Your Security Strategy
Cyber deception is gaining prominence as AI‑driven threats rise, prompting the UK NCSC to champion its wider use. The approach relies on high‑fidelity decoys—honeypots, fake credentials, and canary tokens—to generate early breach signals and expose lateral movement. While plug‑and‑play tools...

Enterprises Still Can't Get a Handle on Software Security Debt – and It’s only Going to Get Worse
Enterprises are wrestling with a surge in software security debt, with 82% reporting heightened vulnerability backlogs—a rise of 11% year‑over‑year. Critical flaws now account for 60% of that debt, and high‑risk, highly exploitable issues jumped 36% in the same period....

Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Sendmarc has published a fireside chat with DMARCbis co‑editor Todd Herr, outlining the draft’s progress toward Proposed Standard status. The discussion details upcoming tag revisions, clearer reporting expectations, and a DNS tree‑walk method for receiver‑side domain discovery. Herr emphasizes that...

How to Maximize DDoS Readiness with Proactive Protection Strategies
Cyber Security Intelligence reports a surge in DDoS attacks in 2025, with assaults escalating from gigabyte to terabyte volumes. The article outlines proactive protection steps, starting with comprehensive risk assessments that inventory public‑facing assets and establish traffic baselines. It then...

How to Use Intune App Protection without MDM Enrollment
Microsoft Intune now lets organizations protect corporate data on BYOD devices without enrolling them in a full MDM solution. By applying app‑protection policies to apps that embed the Intune SDK, IT can enforce PINs, data‑sharing restrictions, and multi‑identity separation. Conditional...

How Camunda’s Skyflow Connector Helps Regulated Organizations Orchestrate Sensitive Data Safely
Camunda introduced a Skyflow connector that tokenizes and de‑identifies PII/PHI within BPMN workflows. The connector forwards selected fields to Skyflow’s vault, replaces them with tokens, and permits controlled re‑identification only at approved steps. This approach shrinks the cleartext data footprint...

Hackers Threaten to Leak 8 Million People’s Stolen Data if Dutch Telecom Odido Won’t Pay Ransom
Dutch telecom operator Odido confirmed a breach by the ShinyHunters cyber‑criminal group, which claims to have exfiltrated data on up to eight million customers. The attackers are demanding more than one million euros in ransom and have issued a final...

Ukraine Pushes Tighter Telegram Regulation, Citing Russian Recruitment of Locals
Ukrainian officials are urging tighter regulation of Telegram after Russian intelligence allegedly used the app to recruit saboteurs for attacks, including a deadly Lviv strike that killed a police officer. Interior Minister Ihor Klymenko and SBU deputy head Ivan Rudnytskyi...

Slotegrator Introduces an AI-Powered Anti-Fraud Assistant
Slotegrator has launched an AI‑powered anti‑fraud assistant for iGaming operators, turning existing dashboard metrics into concise, structured insights. The tool does not create new data or make autonomous blocking decisions, instead offering analytical recommendations for human review. It targets new...

Some Patients Listed as “Charlie Kirk” Or Dead After Major NZ Health App MediMap Hacked
New Zealand health‑tech firm MediMap was forced offline after an unauthorized intrusion altered patient records, including changing names to “Charlie Kirk” and marking individuals as deceased. The breach affected dozens of providers in aged‑care, disability, hospice and community settings, prompting the...

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...

Windows 11: A Guide to the Updates
Microsoft’s Windows 11 25H2 update consolidates a year’s worth of incremental features and security patches, delivering enhancements such as AI‑driven File Explorer actions, Quick Machine Recovery, and enterprise‑grade Wi‑Fi 7 support. Recent out‑of‑band builds address critical bugs, from Remote Desktop sign‑in...

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...

Enterprise Risk Management and Cybersecurity: Closing the Gap in Risk Governance
APQC’s new research highlights the critical gap between cybersecurity and enterprise risk management, revealing that only 41% of organizations have integrated cyber risk into their ERM processes. The study introduces the Cyber‑ERM Integration Index, which measures governance alignment, risk quantification,...

Identity Prioritization Isn't a Backlog Problem - It's a Risk Math Problem
Identity programs still rank remediation like IT tickets, ignoring context. The article argues that true prioritization must treat identity risk as a function of controls posture, hygiene, business impact, and user intent, not just checklist completion. When these factors align,...

Windows 365 for Agents Brings Managed Cloud PCs to Autonomous Workflows
Microsoft introduced Windows 365 for Agents, a cloud platform that lets AI agents securely access managed cloud PCs without handling underlying infrastructure. Built on Azure virtual machines, the service leverages Microsoft Intune and Entra ID for device management and identity, offering shared PC...

North Korean Lazarus Group Linked to Medusa Ransomware Attacks
The North Korean state‑backed Lazarus group has been linked to recent Medusa ransomware attacks targeting U.S. healthcare providers. Symantec’s report identifies a Lazarus sub‑unit, possibly Andariel/Stonefly, using the Medusa RaaS platform, which has affected more than 380 organizations since its 2021...

Malicious NuGet Packages Target ASP.NET Developers to Steal Login Credentials
A coordinated supply‑chain campaign published four malicious NuGet packages between August 2024, amassing over 4,500 downloads before removal. The lead package, NCryptYo, typosquats the legitimate NCrypto library and installs JIT hooks that drop a hidden payload establishing a localhost proxy....

International Operation Dismantles Fraud Network, €400,000 Seized
A Eurojust‑backed international operation dismantled a fraudulent call centre operating from three offices in Dnipro, arresting 11 suspects and seizing more than €400,000 in cash along with electronic equipment. Victims in Latvia and Lithuania reported losses exceeding €160,000 after being...

CrowdStrike Says AI Is Officially Supercharging Cyber Attacks: Average Breakout Times Hit Just 29 Minutes in 2025, 65% Faster than...
CrowdStrike’s 2026 Global Threat Report reveals AI‑enabled cyber attacks surged 89% year‑over‑year, making AI systems a prime target for criminals. Prompt‑injection techniques are now being used to subvert AI‑driven security tools, while threat actors exploit vulnerabilities in AI development platforms....

Top Threat Modeling Tools, Plus Features to Look For
Automated threat‑modeling tools streamline the identification of risks and generate remediation recommendations, reducing the manual effort traditionally required. The article outlines a selection framework that blends business objectives, SDLC alignment, and functional criteria such as data‑ingestion ease, threat‑intel integration, and...

Microsoft Sovereign Cloud Adds Governance, Productivity, and Support for Large AI Models Securely Running Even when Completely Disconnected
Microsoft announced that its Sovereign Cloud now includes Azure Local disconnected operations, Microsoft 365 Local, and Foundry Local with large‑model support. The new services let enterprises run core infrastructure, productivity suites, and multimodal AI models entirely offline while preserving Azure‑consistent...

CISA on Life Support
The Cybersecurity and Infrastructure Security Agency (CISA) has seen its workforce shrink from roughly 3,400 to under 2,400, with fewer than 1,000 staff actively working amid the current DHS shutdown. Political turmoil—most notably the firing of director Chris Krebs and...

Druva Launches Deep Analysis Agents to Cut Forensic Investigations From Days to Minutes
Druva unveiled Deep Analysis Agents as an extension of its DruAI platform, promising to shrink forensic and compliance investigations from days to minutes. The agents leverage the Dru MetaGraph, a graph‑powered data map, to automatically correlate telemetry, logs, identity data, and...