Vulnerability ManagementGitHub Action bug allows supply chain attack; added to CISA listSteve ZurierMarch 19, 2025Affected organizations running repos in GitHub should assume compromise and rotate secrets immediately.
MalwarePhony CAPTCHA checks trick targets to download malwareShaun NicholsMarch 18, 2025Attackers use familiarity of CAPTCHA tests to dupe victims, HP reports.
AI/MLHow AI coding assistants could be compromised via rules fileLaura FrenchMarch 18, 2025Researchers showed how GitHub Copilot and Cursor could be manipulated with hidden Unicode.
Cloud Security$32 billion Google-Wiz deal bodes well for cloud security, experts saySteve ZurierMarch 18, 2025Acquisition promises to blend Google Cloud’s AI depth with stronger cloud security from Wiz.
RansomwareAkira ransomware decryption method uses GPUs to brute force keysLaura FrenchMarch 17, 2025Source code for the decryption method was published by programmer Yohanes Nugroho.
Vulnerability ManagementApache Tomcat flaw actively exploited; could allow ‘devastating’ RCEShaun NicholsMarch 17, 2025Remote code execution may be achieved on vulnerable servers with a single PUT API request.
Cloud SecurityMicrosoft 365 environments exploited in business email attacksSteve ZurierMarch 17, 2025The BEC attacks rely on phishing lures that let the bad actors operate entirely within the Microsoft 365 ecosystem.
AI/MLMicrosoft Dragon Copilot: Just what the doctor ordered?Stephen WeigandMarch 17, 2025Microsoft’s prescription for doctor burnout and fatigue is an AI assistant.
IdentityGitLab fixes critical SSO bypass vulnerabilities in updateShaun NicholsMarch 14, 2025The signature verification for the SSO system could be bypassed by using a specially crafted XML input.
Application securityMicrosoft restores VS Code theme flagged as malicious: We messed upLaura FrenchMarch 14, 2025The theme had millions of installations before it was removed in late February.
