%term

The NotPetya attack: What it teaches us about cyber survival

Mar 25, 2026 By Sharon Natasha Francis In ManageEngine

In June 2017, the world witnessed one of the most destructive cyberattacks in history: the NotPetya attack. Unlike traditional ransomware, NotPetya was a wiper. Once it infected a system, recovery was impossible. The ransom demand was a ruse because no decryption keys were ever made available. The true intent of the attackers was to cause disruption and damage. Nearly a decade later, NotPetya is considered a turning point in how organizations approach backup and recovery. The threat has only grown.

Read Post

ManageEngine

Read more about The NotPetya attack: What it teaches us about cyber survival

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

Mar 25, 2026 By Guillaume Valadon In GitGuardian

Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate rapid incident response and secret remediation.

Read Post

GitGuardian

Read more about How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

Mar 25, 2026 By Andres Ramos In Arctic Wolf

The threat actor TeamPCP has recently launched a coordinated campaign targeting security tools and open-source developer infrastructure by pivoting with stolen CI/CD secrets and signing credentials (such as GitHub Actions tokens and release signing keys). At the time of writing, repositories for Trivy, Checkmarx, and LiteLLM have been impacted, and reports indicate that at least 1,000 enterprise software-as-a-service (SaaS) environments may be affected by this threat campaign.

Read Post

Arctic Wolf

Read more about TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

Mar 24, 2026 By Gcore

Gcore data highlights a threat landscape defined by newfound automated attack capabilities, scale, and frequency.

Read Post

Read more about Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

How To Protect Patient Data From Phishing Attacks

Mar 24, 2026 By Ashley D'Andrea In Keeper

According to HIPAA Journal, phishing remains one of the most common and effective attack methods used against healthcare organizations and is a leading cause of healthcare data breaches. As healthcare becomes more digital, cybercriminals increasingly target clinicians and administrative staff to access Electronic Health Records (EHRs) and other Protected Health Information (PHI).

Read Post

Keeper

Read more about How To Protect Patient Data From Phishing Attacks

The Hidden Third-Party Risks Behind Domain Hijacking

Mar 23, 2026 By Emma Stevens In BitSight

Domains are foundational to digital trust. You visit your favorite online store or log in to your email without thinking twice about the web address in your browser. But what happens if that domain has been hijacked and you have just entered your personal information into an attacker’s trap?

Read Post

BitSight

Read more about The Hidden Third-Party Risks Behind Domain Hijacking

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

Mar 21, 2026 By Tom Abai In Mend

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this incident as MSC-2026-3271.

Read Post

Mend

Read more about CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

Mar 20, 2026 By Adam Cardillo - Ben Ellett - Travis Lowe - Radu-Emanuel Chiscariu In CrowdStrike

While investigating a spike in script execution detections across several CrowdStrike Falcon platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines.

Read Post

CrowdStrike

Read more about From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

SIP Trunking Security in 2026: What Enterprises Must Know Before Their Next Breach

Mar 19, 2026 By SecuritySenses In SecuritySenses

Telecom fraud exceeded an estimated $41.82 billion in losses in 2025 - and a substantial share of that exposure runs directly through SIP trunks. The SIP trunking market itself reached $73.14 billion that same year, and is projected to more than double to $157.91 billion by 2030, according to Mordor Intelligence. That collision of rapid adoption and surging fraud is not a coincidence. Enterprises are migrating voice infrastructure to IP-based systems faster than security teams are adapting their threat models to cover them. In 2026, SIP trunking is business-critical infrastructure.

Read Post

SecuritySenses

Read more about SIP Trunking Security in 2026: What Enterprises Must Know Before Their Next Breach

So Many AI Attacks, It Made Quantum Seem Easy

Mar 17, 2026 By Roger Grimes In KnowBe4

As I was writing my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed agsinst AI, and I’m not sure which category is bigger.

Read Post