Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On Wednesday night, the Indian cryptocurrency platform WazirX experienced a significant cyberattack, resulting in the theft of at least $230 million worth of cryptocurrency. The breach was first detected by several blockchain security companies, including Elliptic, Arkham, and BlockSec. These firms observed large amounts of digital coins being siphoned out of WazirX before the platform acknowledged the security breach.

Hackers often lurk around the most popular websites, looking for ways to exploit users. These sites include ticket purchasing, travel, e-commerce, and banking. Watering hole attacks continue to become a genuine threat to any user who frequently visits popular sites.”Hackers use malware, browser exploits, and DNS poison to lure users into exposing their login credentials or clicking on a malicious link.” Has a watering hole attack compromised your credentials, email, or phone?

In the world today, there is a plethora of critical data circulating the internet, leading to complex attacks like brute force attacks. Individuals who are after this data for the wrong purpose and who use brute force attacks to gain access to these data are called cyber attackers.

Cyber threats are increasing and, unfortunately, local and state government entities have become top targets. In 2023, the FBI reported that government entities were the third most-targeted sector by ransomware, and Arctic Wolf’s own research saw the average ransom for government organizations top $1 million USD. And that’s just one kind of cyber attack.

Secrets in collaboration tools are becoming prime targets for attackers. Reduce your attack surface by extending GitGuardian automated secrets detection capabilities to Slack, Jira, Confluence, or Microsoft Teams. Ensure security wherever your teams collaborate!

The CDK Global ransomware attack was first reported in June 2024. Ransomware infected CDK Global, a software vendor that serves thousands of North American car dealerships. This ransomware attack affected over 10,000 U.S. car dealerships, their employees and their customers.

Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the ending was far more devasting. More than 100 organizations were exposed, and many are now grappling with the impacts of data theft and extortion in what some are calling one of the largest breaches in history.

APIs can be vulnerable to a wide variety of attacks, such as poor inventory management and access controls, making them a primary target for attackers. Server-side request forgery (SSRF) is one type of attack that has become more prominent with the rising use of public clouds. This is primarily due to new development practices like using Instance Metadata Services (IMDS) to access valuable information about deployed instances, such as credentials.

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.