Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace. […] Go to Source Author: Ax Sharma
Author Archives: Onsite Computing, Inc.
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform Go to Source Author:
Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows 11 25H2 and later. […] Go to Source Author: Sergiu Gatlan
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence […]
One VMware-certified pro is a win. An entire certified team? That’s a security multiplier. VMUG Advantage makes team-wide certification practical—building collaboration, resilience, and retention. […] Go to Source Author: Sponsored by VMUG
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. […] Go to Source Author: Sergiu Gatlan
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad Go to […]
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks. […] Go to Source Author: Sergiu Gatlan
The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain. Go to Source Author: Fahmida Y. Rashid
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. […] Go to Source Author: Lawrence Abrams