Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a
Author Archives: [email protected]
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. […]
08
Apr
Apr
Wow, KubeCon + CloudNativeCon Europe 2025 in London was a fantastic time! Our Azure Storage team was thrilled to exchange insights and success stories at this vibrant community event. If you missed it, don’t worry! We are here to share what we showed off at the con: how we are enhancing performance, cost-efficiency, and AI […]
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. […]
08
Apr
Apr
Brazil’s Piratini Palace is now open to virtual visitors on Google Arts & Culture. In the 1920s, the Palace became the administrative headquarters of the state gover…
Originally published by Schellman. Written by Tu Nguyen. If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third party or have ceased providing services, recent incidents prove you’re still at risk, […]
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said. The attacks involve distributing phishing emails
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. […]
07
Apr
Apr
AI policy recommendations to support EU climate and competitiveness goals.