CyberSecurity Updates

08 Sep

18 Popular Code Packages Hacked, Rigged to Steal Crypto

Data Breaches, Information, Insights

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could lead to a disruptive malware outbreak that is far more difficult…

Read More
06 Sep

Under lock and key: Safeguarding business data with encryption

Information

Business Security As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose Phil Muncaster 05 Sep 2025  •  , 5 min. read A single security breach can jeopardize everything you’ve built. The theft of intellectual property and confidential customer data can result in a cascade of consequences, from hefty financial losses and a shattered brand reputation to ultimately the threat…

Read More
05 Sep

GOP Cries Censorship Over Spam Filters That Work

Information, Insights

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed’s messages are getting blocked…

Read More
05 Sep

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

Information

ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam. GhostRedirector used two previously undocumented, custom tools: a passive C++ backdoor that we named Rungan, and a malicious Internet Information Services (IIS) module that we named Gamshen. While Rungan has the capability of executing commands on a compromised server, the purpose of Gamshen is to provide SEO fraud as-a-service,…

Read More
03 Sep

CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance

Attacks, Insights, Malware

CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a formal record detailing the components and supply chain relationships used in building software. SBOMs act as a software “ingredients list” providing organizations with essential visibility into software dependencies, enabling them to identify…

Read More
01 Sep

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Data Breaches, Information, Insights

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including…

Read More
29 Aug

This month in security with Tony Anscombe – August 2025 edition

Information

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news 28 Aug 2025 As August 2025 comes to a close, ESET Chief Security Evangelist Tony Anscombe reviews a selection of the top cybersecurity stories that moved the needle, raised the alarms or offered vital lessons over the past 30 or so days, as well…

Read More
29 Aug

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

Information, News

Nevada on Wednesday confirmed that the days-long disruption to state systems and services was caused by a ransomware attack. The incident, disclosed on Monday morning as a network security incident, occurred on Sunday, and forced Nevada to close all state offices on Monday and Tuesday. During a press conference on Wednesday, the state’s officials publicly confirmed that a “sophisticated ransomware attack” was the cause of the disruptions. “Upon detection, we immediately activated our established cybersecurity…

Read More
28 Aug

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Information, Insights

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself as a “soulless project that is made for profit.” A machine-translated version of Gambler Panel’s affiliate website. The scam begins…

Read More
28 Aug

First known AI-powered ransomware uncovered by ESET Research

Information

ESET Research The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats 26 Aug 2025  •  , 2 min. read ESET researchers have discovered what they called “the first known AI-powered ransomware”. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet. While PromptLock was not…

Read More