A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and organisations.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

Zero day attacks consist of almost 80% of all malware attacks. Take a look at some recent attacks and learn how to prevent them. You work hard to secure your business network. Yet determined hackers probe persistently until they find a software vulnerability you don’t know about. They use this previously unknown and unpatched flaw.

2021 brought a new wave of cyberattacks that proved to be detrimental to the era of digitization. With more and more industries embracing work from home and treading into the digital world, an increase in network vulnerabilities is inevitable; however, neglecting to address these unseen vulnerabilities can make organizations targets for cybercriminals.

The flip side of ubiquitous digital transformation and increased reliance on remote work due to the pandemic is that malicious actors get more opportunities to strike. Security perimeters are no longer distinct, and the range of potentially vulnerable enterprise assets is dynamically swelling. As a result, companies big and small are sailing into the perfect storm of cybercrime.

The flip side of ubiquitous digital transformation and increased reliance on remote work due to the pandemic is that malicious actors get more opportunities to strike. Security perimeters are no longer distinct, and the range of potentially vulnerable enterprise assets is dynamically swelling. As a result, companies big and small are sailing into the perfect storm of cybercrime.

In 2021, the WhiteSource Diffend automated malware detection platform detected and reported more than 1,200 malicious npm packages that were responsible for stealing credentials and crypto, as well as for running botnets and collecting host information from machines on which they were installed.

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.

Your Microsoft 365 data is a prime target for ransomware. Attackers know that Microsoft 365 lives directly in the path of business-critical operations now more than ever. As highlighted by Mandiant – one of the industry's leading cyber security firms – this translates to “targeted threat groups investing a lot of time and money into understanding Office 365 and understanding how to attack it.”