Author Archives: Christian Yng

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals...

01
May
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign has been observed using sleeper packages as a...

01
May
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular...

30
Apr
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people...

30
Apr
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes...

30
Apr
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in...

30
Apr
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could...

30
Apr
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm...

30
Apr
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related...

29
Apr
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as...

29
Apr
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are...

29
Apr
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds...

29
Apr
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that...

29
Apr
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting...

29
Apr
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly...

29
Apr
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise...

28
Apr
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate...

28
Apr
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like...

28
Apr
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the...

28
Apr
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source...

28
Apr
After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve...

28
Apr
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

A Chinese national accused of being a member of the Silk Typhoon hacking group has...

28
Apr
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable...

28
Apr
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell...

28
Apr
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has...

27
Apr
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Everything is dumb again. This week feels broken in a very familiar way. Old tricks...

27
Apr
Could your choice of metrics be harming your SOC?
April 27, 2026

Poor metrics can render a well-intentioned security operation centre entirely ineffective....

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting...

27
Apr
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running...

27
Apr
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the...

27
Apr