Graham Cluley

Smashing Security podcast #458: How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within ...
CSO Online

North Korean fake IT worker tradecraft exposed

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans.

Shelved border-security bill to be reintroduced with changes after concerns over police powers

Original version of Bill C-2 would have granted the police and spy agency powers to demand information about services Canadians have used ...
Cyber Daily

Exclusive: DragonForce ransomware group publishes Hazeldenes employee data to darkweb

Passport scans, confidentiality agreements, and photos of processing works published by hackers following a February attack ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Computer Weekly

Iran war a melting pot for other cyber threats

State-backed cyber threat actors from non-combatant states are taking advantage of the Israeli-US war on Iran to fulfil their own goals, according to Proofpoint analysts.