IT Security Newsletter - 3/25/2026

Top News

1K+ cloud environments infected following Trivy supply chain attack

Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$. "We know of over 1,000 impacted SaaS environments right now that are actively dealing with this particular threat actor," Mandiant Consulting CTO Charles Carmakal said at a Google event during the annual RSA Conference.

Trends

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

Poland experienced 2½ times more cyberattacks in 2025 compared to the previous year, and the numbers are constantly rising, a government official said Tuesday. The attacks included a destructive infiltration of the country's energy system in December that was believed to be unprecedented among NATO and European Union members, and was suspected of originating in Russia. Over the last year, Poland was the target of 270,000 cyberattacks.

Malware

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

Hard on the heels of a broad supply chain attack that impacted the Aqua Security-maintained Trivy open source security-scanner project, Checkmarx on Tuesday disclosed that attackers had compromised a version of Keeping Infrastructure as Code Secure (KICS), the open source static code analysis project that it develops and maintains. Specifically, the cybercriminals infiltrated the KICS GitHub Action, which organizations use to run KICS scans within their CI/CD pipelines.

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

A widespread AI-assisted campaign promoting an OpenClaw Docker deployer package is spreading more than 300 Trojanized GitHub packages targeting developers and gamers alike with a data-stealing Trojan. Identified by Netskope Threat Labs, the campaign, tracked as "TroyDen's Lure Factory," operates across multiple repositories on the developer site and includes various packages hiding behind a plethora of lures.

Information Security

DoE Publishes 5-Year Energy Security Plan

Energy, especially electricity, could be described as the most critical industry: all other critical industries are fundamentally dependent on access to energy. It is essential for people's daily lives (citizens), business operations (economy), and national security (the nation). As such, it is a primary target for criminals, hacktivists, and adversarial nation-state actors. CESER, part of the U.S. Department of Energy, has published a three-pronged 5-year security plan.

Exploits/Vulnerabilities

Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw

It's only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, searching for recognition, and finally seeing the vulnerability get patched. Bug hunters are doing us all a huge favor when they responsibly disclose a vulnerability to the vendor. This week we talked to Khaled Mohamed, the bug bounty hunter who found CVE-2026-26123, a flaw in Microsoft Authenticator.

On This Date

  • ...in 1655, Saturn's largest moon, Titan, is discovered by Dutch scientist Christiaan Huygens using only a 50-power refracting telescope of his own design.
  • ...in 1807, British Parliament passes the Slave Trade Act, abolishing the slave trade in the British Empire.
  • ...in 1969, John Lennon and Yoko Ono hold their first "Bed-In for Peace" at the Amsterdam Hilton, lasting for a full week.
  • ...in 1995, computer programmer Ward Cunningham launches WikiWikiWeb, the world's first user-created "wiki" website community.