Business

A close look at attacks on LLMs: from ChatGPT and Claude to Copilot and other AI-assistants that power popular apps.

A new large-scale attack on a popular JavaScript code registry has hit around 150 packages. The automatic propagation of the threat makes it especially dangerous — developers need to react ASAP.

Unknown attackers have compromised several popular npm packages in a supply-chain attack.

Most employees are already using personal LLM subscriptions for work tasks. How do you balance staying competitive with preventing data leaks?

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

A popular developer tool has been trojanized and is uploading secrets to public GitHub repositories. We discuss what’s important to know for both developers and cybersecurity services.

How attackers can hijack your computer through its webcam — and how to stop it.

Attackers spin poignant tales of lost private keys as they try to phish seed phrases.

Google experts have demonstrated how complex hardware vulnerabilities in CPUs can be effectively exploited.

Researchers have devised a theoretical attack to steal private encryption keys through monitoring standard CPU and OS behavior.

Companies need to build a culture of security, but this is impossible when employees are afraid to discuss incidents or suggest improvements.

Using anomalies in the behavior of users, devices, applications, and other entities to detect cyberthreats.

Attackers are sending phishing emails to developers of PyPi packages and Firefox add-ons.

We dive into which corporate systems support passkeys, where compatibility falls short, and why we probably won’t be saying goodbye to passwords anytime soon.

Regulation and the evolving threat landscape are driving companies to adopt more resilient forms of employee authentication. Are passkeys a cost-effective and straightforward replacement for traditional passwords?

Causes of discrepancies in Common Vulnerability Scoring System ratings, common mistakes when using CVSS for vulnerability prioritization, and how to do this right.

Two critical zero-day vulnerabilities in SharePoint are actively exploited by attackers in real-world attacks.

A curious case of spear-phishing email techniques employed on a mass scale.

How the research tool Defendnot disables Microsoft Defender by registering a fake antivirus, and why you shouldn’t always trust what your operating system says.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

How cybercriminals can exploit your online store — and how to stop them.