Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered
Cyber News
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Cyber News
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the […]
Cyber News
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a […]
Cyber News
@ ALL, Getting Phished is to be expected. As two sayings put it, We are all human.To err is human. As I’ve said before, for most people, in most cases of attack, the only reasons it’s not yet happened to you are, 1, It’s a target rich environment.2, Your number has not yet come up.3, […]
Cyber News
There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world’s attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation’s potential. These use cases generate significant value, fueling demand for the […]
Cyber News
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure product that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. “A stack-based buffer overflow […]
Cyber News
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it
Cyber News
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links […]
Cyber News