Google has announced that it’s making available a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from […]
Cyber News
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked […]
Cyber News
Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. “Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t […]
Cyber News
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret ‘app_id’ value to undocumented registration and email verification endpoints, an attacker
Cyber News
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the […]
Cyber News
In episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils its AI action plan, and a human beats AI to win the World Coding Championship. […]
Cyber News
Over 40,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery. The plugin has proven popular in part because of its marketing […]
Cyber News
Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery. The plugin has proven popular in part because of its marketing […]
Cyber News
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double […]
Cyber News