Cyber News & Articles

A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads.
Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.
The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.
“Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its

AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling.
Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control.
Join our upcoming webinar and learn how to make AI

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target.
This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link.
For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud.
“Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 researchers

E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio.

All this and more is discussed in episode 440 of “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.