Malicious PyPI Package Targets macOS Devs with Hidden Malware

A dangerous Python package was recently found on the official Python Package Index (PyPI). It was named chimera-sandbox-extensions and disguised itself as a helpful tool for Chimera Sandbox, a legitimate open-source project used by developers to run AI experiments, especially on macOS. But in reality, this package was malware designed to steal sensitive information from … Continued

Ransomware Gang Uses SimpleHelp to Hack Utility Billing Firm

A ransomware group has targeted a utility billing software provider by taking advantage of a serious vulnerability in a remote monitoring tool called SimpleHelp. This tool is widely used by managed service providers (MSPs) and IT support teams to access systems remotely. Unfortunately, attackers have found a way to abuse it to launch ransomware attacks. … Continued

Proofpoint Just Got Stronger: Two Smart Buys to Boost Cybersecurity

Cybersecurity company Proofpoint has made two major acquisition announcements that are set to strengthen its position in cloud security and compliance. These moves, made in May 2025, are seen as strategic steps to better protect users across modern collaboration platforms, especially Microsoft 365. The first big move by Proofpoint is the acquisition of Hornetsecurity, a … Continued

Spyware Used Apple Messages Bug to Secretly Spy on Journalists

A serious security issue has been found in Apple’s Messages app. This problem was used to spy on journalists in Europe using a spyware tool called Graphite, made by a company named Paragon. The attack was discovered by researchers at Citizen Lab, who found clear signs that two journalists were targeted using this flaw. The … Continued

NIST Publishes New Zero Trust Implementation Guidance

NIST has just released a practical new guide called SP 1800-35: Implementing a Zero Trust Architecture. Developed by the National Cybersecurity Center of Excellence (NCCoE) along with 24 private-sector collaborators, this document goes beyond theory. It gives real, working examples of how organizations can implement zero trust security using tools that are already available on … Continued

New Fog Ransomware Uses Common Software to Launch Stealthy Attack

A new ransomware strain named Fog recently targeted a financial institution in Asia. What makes this attack different is the way the attackers used a mix of open-source hacking tools and legitimate software to carry out their plan. This helped them stay unnoticed and cause serious damage. The attackers managed to get into the system … Continued

Security Risk Prompts ConnectWise to Change ScreenConnect Certificates

ConnectWise has announced a major security step: it will rotate the code-signing certificates used in several of its software products, including ScreenConnect, Automate, and RMM agents. This move comes after a third-party security researcher flagged a possible security concern that could be exploited by attackers. The issue isn’t about any kind of … Continued

Hackers Use Open-Source Tool to Target 80,000 Microsoft Entra ID Accounts

A new wave of cyberattacks has hit the corporate world, targeting more than 80,000 Microsoft Entra ID accounts. These attacks were uncovered by cybersecurity experts at Proofpoint, who linked the campaign to a tool called TeamFiltration. This tool is actually an open-source framework originally created for penetration testing but is now being misused by cybercriminals. … Continued

Cybercriminals Target Financial Sector with Next-Gen DDoS Attacks

In recent months, there’s been a major rise in DDoS attacks targeting financial institutions. What’s scary is that these attacks aren’t just increasing in number, they’re also getting way more advanced and harder to detect. Cybercriminals have stopped relying only on traditional “flooding” methods. Now, they’re combining smarter techniques that slip past basic defenses. Banks … Continued
