May 03, 2025Ravie LakshmananMalware / Operational Technology An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network … Read more
Apr 24, 2025Ravie LakshmananMalware / Threat Intelligence At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest … Read more
“Vibe coding,” a recent trend of using large language models (LLMs) to generate code based on plain-language prompts, can yield code that is vulnerable to up to nine out of the top 10 weaknesses in the Common Weakness Enumeration (CWE), according to Backslash Security.Vibe coding, while only gaining popularity within the last few months, is … Read more
Mar 19, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control … Read more
Millions of the cryptographic digital certificates that secure internet communications and software updates have serious flaws that can be exploited, a presentation at the Keyfactor Tech Days conference in Miami last week demonstrated.”You stand up a web server, your customers come to you, a little lock pops up,” Keyfactor Chief Security Officer Chris Hickman told … Read more