Threat actors have carried out stealthier attacks by using several strategically positioned internet-connected GEOBOX devices.
The Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPI package publication.
UNC5174, believed to be an ex-member of Chinese hacktivist groups Genesis Day and Dawn Calvary, leveraged a flaw to compromise U.S. defense contractors, UK government organizations, and Asian entities.
GitHub's code-scanning autofix feature, which is still in beta and leverages both the developer platform's Copilot and CodeQL tools, has been touted to address over two-thirds of discovered code bugs.
Ivanti has urged organizations to immediately remediate critical vulnerabilities impacting its Standalone Sentry appliance and Neurons for ITSM IT service management solution with available patches.