It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader, you’ve likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they’re framed […]
Author Archives: Onsite Computing, Inc.
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, […]
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. […] Go to Source Author: Lawrence Abrams
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. “The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity […]
Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. […] Go to Source Author: Bill Toulas
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems. Go to Source Author: Jai Vijayan, Contributing Writer
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens. Go to Source Author: Rob Wright
A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. […] Go to Source Author: Bill Toulas
Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. […] Go to Source Author: Sergiu Gatlan
American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. […] Go to Source Author: Bill Toulas