Google Cloud
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be …
North Korean hackers linked to Axios npm supply chain compromise
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of …
Attackers are handing off access in 22 seconds, Mandiant finds
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 …
Software vulnerabilities push credential abuse aside in cloud intrusions
Cloud intrusions are unfolding on shorter timelines, with attackers leaning more on unpatched software and compromised identities. H2 2025 distribution of initial access …
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since …
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in …
F5 NGINXaaS for Google Cloud protects cloud-native applications
F5 launched F5 NGINXaaS for Google Cloud, a cloud-native application delivery-as-a-service solution. Developed in collaboration with Google Cloud, this offering addresses the …
AuraInspector: Open-source tool to audit Salesforce Aura access control misconfigurations
Google and its Mandiant threat intelligence unit have released AuraInspector, an open-source tool aimed at auditing data access paths in Salesforce Experience Cloud …
Security teams debate how much to trust AI
AI is reshaping how organizations operate, defend systems, and interpret risk. Reports reveal rising AI-driven attacks, hidden usage across enterprises, and widening gaps …
Exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the …
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the …
Salesforce investigates new incident echoing Salesloft Drift compromise
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps …
Featured news
Resources
Don't miss
- Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
- Workplace stress in 2026 is still worse than before the pandemic
- NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
- Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
- Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug