June 25, 2024 at 04:05PM A threat actor may have accessed critical data on US chemical facilities by exploiting vulnerabilities in the CISA’s Chemical Security Assessment Tool. The compromised information includes chemical inventories, security assessments, and personnel details. This breach poses potential safety risks, and affected organizations are advised to review and enhance their cybersecurity … Read more
February 8, 2024 at 01:55PM Microsoft introduced ‘Sudo for Windows,’ a new feature in Windows 11, enabling users to run elevated commands from unelevated terminals. They recommend Gerardo Grignoli’s gsudo as an alternative with more features. The tool is being rolled out to Windows Insiders and will only be available on non-server builds. Microsoft plans … Read more
November 6, 2023 at 03:05AM APIs are increasingly prevalent in today’s Internet-connected world, enabling devices and applications to exchange information and improve user experiences. However, as API usage increases, security implications arise. Attackers are becoming more sophisticated in targeting payment APIs, with traditional protection techniques proving ineffective. With the holiday season approaching, e-commerce platforms face … Read more
October 31, 2023 at 10:29AM A new NuGet typosquatting campaign has been discovered that uses malicious packages to exploit Visual Studio’s MSBuild integration and install malware. This campaign targets Windows users and is the first documented case of threat actors leveraging this feature in malicious NuGet packages. The attackers continually refine their techniques, with earlier … Read more