Recent cybersecurity research has identified a significant campaign, known as EMERALDWHALE, which exploits exposed Git configurations to extract credentials, clone private repositories, and even obtain cloud service credentials embedded in source code. This operation has reportedly compromised over 10,000 private repositories, with the stolen data stored in an Amazon S3…
Microsoft has recently issued a warning regarding an actively exploited zero-day vulnerability affecting Internet Explorer. This flaw is being utilized to compromise Windows systems by means of malicious Microsoft Office documents. Identified as CVE-2021-40444 with a CVSS score of 8.8, the vulnerability resides in MSHTML, a proprietary browser engine that…
Former Executive Pleads Guilty to Selling Trade Secrets to Russian Buyer In a significant case involving cybersecurity breaches, a former executive from a firm specializing in zero-day vulnerabilities and exploits was sentenced in federal court in Washington, DC, for trafficking in trade secrets valued at a minimum of $1.3 million.…
Twilio Faces Another Security Incident with Customer Data Compromised This week, communication services provider Twilio reported a security breach that occurred on June 29, 2022, attributed to the same group responsible for a significant breach in August 2022. The company revealed that unauthorized access to customer information was achieved through…
Data Security Second Round of Layoffs Since 2022 Follows $150 Million Email Security Acquisition Michael Novinson (MichaelNovinson) • October 29, 2025 Varonis has announced a reduction of its workforce by 5%, translating to approximately 120 employees, amid concerns over declining renewal rates in its on-premise subscription model. This decision comes…
Data Breach Exposes Students of Iran’s MOIS Training Academy A significant data leak has recently surfaced, revealing sensitive information belonging to students enrolled in Iran’s Ministry of Intelligence and Security (MOIS) Training Academy. This incident highlights ongoing vulnerabilities in cybersecurity practices within state institutions and raises questions about the security…
Google has reported the identification of a zero-day vulnerability within the SQLite open-source database engine, utilizing its large language model (LLM)-assisted framework known as Big Sleep (formerly Project Naptime). This discovery marks a significant milestone as the first real-world vulnerability unveiled through the application of an artificial intelligence (AI) agent.…
A previously undocumented backdoor, identified as SideWalk, has recently been discovered targeting an unnamed computer retail company in the United States, linked to a persistent Chinese espionage campaign known as Grayfly. This finding raises significant concerns in the cybersecurity community regarding the growing sophistication of foreign threats. In late August,…
Exploiting Vulnerabilities in NPM: A Surge in Credential-Theft Packages Cybercriminals have recently exploited a significant vulnerability in the NPM code repository, gaining access through more than 100 malicious packages designed to steal credentials since August. Notably, these attacks largely went unnoticed until now. Security firm Koi revealed these alarming findings…
