During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to

It’s about to get a lot harder for private companies that are lax on cybersecurity to get a contract with the Pentagon, as the Defense

The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys – unique, confidential

Exclusive Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of

Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach. The popular media server provider, which people definitely use

Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device

App security outfit Checkmarx says automated reviews in Anthropic’s Claude Code can catch some bugs but miss others – and sometimes create new risks by

Business Security Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy

Tech companies will be legally required to prevent content involving self-harm from appearing on their platforms – rather than responding and removing it – in

Encrypted messaging app Signal is rolling out a free storage system for its users, with extra space if folks are willing to pay for it.

WhatsApp’s former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him

The US federal government employs tens of thousands of cybersecurity professionals at a cost of billions per year – or at least it thinks it

The Salesloft Drift breach that compromised “hundreds” of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft

The Salesloft Drift breach that compromised “hundreds” of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm

Security researchers have uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as

US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program. Several

Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under