Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from…
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at…
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries…
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t…
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba"…
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t…
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload…
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder…
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously…
The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include…