Critical Infrastructure Security46 new bugs in solar power inverters raise concerns over power grid stabilitySteve ZurierMarch 27, 2025While 80% of the flaws found in the inverters were high or critical, some experts advise not to become too distracted by “doomsday” scenarios.
Network SecurityBroadcom fixes authentication bypass flaw in VMware Tools for WindowsShaun NicholsMarch 27, 2025Access control weakness could potentially allow log-ins without proper authentication in VMware Tools for Windows.
DevSecOpsDangerous npm package ‘patches’ legitimate software with malwareLaura FrenchMarch 26, 2025The malware targets the “ethers” package and opens a reverse shell.
Data SecurityLeak of US strike plans to The Atlantic underscores risk of data seepageShaun NicholsMarch 26, 2025Human error is often at the center of data leaks from secured messaging platforms like the recent leak of U.S. strikes on Houthi rebels in Yemen.
IdentityAtlantis AIO tool automates credential stuffing across 140 platformsSteve ZurierMarch 26, 2025New tool can test millions of stolen credentials with minimal effort to run account takeovers.
Network SecurityChinese hackers spend years roaming telecommunications serviceShaun NicholsMarch 25, 2025China Chopper malware allowed threat group "Weaver Ant" to remain undetected for years.
IdentityFate of DNA data raises privacy, identity issues in 23andMe bankruptcySteve ZurierMarch 25, 2025Privacy advocates worry how the DNA data will be managed during company's Chapter 11 proceedings.
Network SecurityFCC vows to track down sanctioned Chinese telecoms banned from USShaun NicholsMarch 24, 2025U.S.-based carriers blocked from using China-based services and equipment.
RansomwareMedusa ransomware deployed via malicious Windows driverSteve ZurierMarch 24, 2025Driver with expired certificate evades EDR controls and deploys Medusa ransomware.
AI/MLNorth Korea launches hacking hub focused on artificial intelligenceShaun NicholsMarch 21, 2025"Research Center 227" reportedly focused on using AI for cyberattacks.
Cybersecurity pros really need to prioritize attending conferences and building communitySherrod DeGrippoMarch 27, 2025