Internet Security

California Cryobank, the largest US sperm bank, disclosed a data breach

March 19, 2025 add comment
California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm... Read more »

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

March 19, 2025 add comment
The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a... Read more »

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

March 19, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities... Read more »

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

March 18, 2025 add comment
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been... Read more »

ChatGPT SSRF bug quickly becomes a favorite attack vector

March 18, 2025 add comment
Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are... Read more »

GitHub Action tj-actions/changed-files was compromised in supply chain attack

March 18, 2025 add comment
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the... Read more »

New StilachiRAT uses sophisticated techniques to avoid detection

March 18, 2025 add comment
Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan... Read more »

Threat actors rapidly exploit new Apache Tomcat flaw following PoC release

March 17, 2025 add comment
Threat actors began exploiting a recently disclosed Apache Tomcat vulnerability immediately after the release of a PoC exploit code. A newly disclosed Apache Tomcat vulnerability, tracked as CVE-2025-24813, is being... Read more »

Attackers use CSS to create evasive phishing messages

March 17, 2025 add comment
Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences.  Cisco Talos observed threat actors abusing Cascading Style Sheets... Read more »

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

March 17, 2025 add comment
A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux... Read more »
Subscribe to our Newsletter