MalwareMicrosoft Teams phishing spreads updated Matanbuchus malware loaderLaura FrenchJuly 16, 2025Matanbuchus 3.0 adds greater stealth and execution capabilities, and could lead to ransomware.
Network SecurityChina-linked Salt Typhoon infiltrated state National Guard networkSteve ZurierJuly 16, 2025Security officials touted victory over a second China-linked group on critical infrastructure networks.
DevOps67 malicious npm packages, novel loader spread North Korean malwareLaura FrenchJuly 15, 2025Packages that load BeaverTail malware were downloaded more than 17,000 times.
IdentityStolen identities a fear after Episource breach affects 5.4M patientsSteve ZurierJuly 15, 2025In letter to customers, Episource said that the sensitive healthcare data potentially stolen.
AI/MLRowhammer attacks spread to Nvidia GPUs with attacks on GDDR6 memoryShaun NicholsJuly 14, 2025University of Toronto researchers demonstrated Rowhammer attack on Nvidia A6000 GPUs.
Supply chainWordPress plugin Gravity Forms targeted in supply chain attackLaura FrenchJuly 14, 2025Certain versions of the legitimate plugin contained malware for a brief time period.
Critical Infrastructure SecurityHacktivists increasingly target critical infrastructure organizationsSteve ZurierJuly 14, 2025The line between cybercrime and hacktivism has blurred, as attacks target energy firms, manufacturers, and telecoms.
DevOpsFake Visual Studio Code extension for Cursor led to $500K theftLaura FrenchJuly 11, 2025The spoofed “Solidity” extension was installed from the Open VSX registry in Cursor.
Vulnerability ManagementFederal agencies have 24 hours to patch ‘Citrix Bleed 2’ bugSteve ZurierJuly 11, 2025CISA has likely seen exploitation across federal agencies and the private sector.
IdentityMcDonald’s ‘McHire’ chatbot records accessed via ‘123456’ passwordLaura FrenchJuly 10, 2025Paradox.ai, which built the McDonald’s “Olivia” chatbot, took responsibility for the issue.
