In a devastating cybersecurity breach on February 21, 2025, cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of approximately $1.5 billion in digital assets. Cybersecurity investigators have attributed the sophisticated operation to North Korea’s notorious Lazarus Group, marking one of the largest cryptocurrency heists in history. Technical Analysis of the Smart Contract … Read more

Microsoft has taken decisive action to protect Visual Studio Code users by removing two widely-used extensions from its official marketplace: Material Theme – Free and Material Theme Icons – Free. The security intervention came after the discovery of potentially malicious code in these popular developer tools, which had accumulated nearly 9 million downloads combined. Security … Read more

Palo Alto Networks researchers have identified a sophisticated new Linux malware strain dubbed “Auto-Color,” which has been actively targeting educational and government institutions across North America and Asia. The malware campaign, observed between November and December 2024, demonstrates unprecedented technical complexity and advanced evasion capabilities, marking a significant evolution in Linux-targeted threats. Technical Analysis of … Read more

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered a sophisticated malware distribution campaign leveraging GitHub’s platform to spread malicious code disguised as legitimate open-source projects. The operation, dubbed GitVenom, has compromised over 200 repositories, marking a significant escalation in threat actors’ abuse of trusted development platforms. Attack Vector and Social Engineering Tactics The threat … Read more

In a significant move to enhance user account security, Google has announced plans to gradually discontinue SMS-based two-factor authentication (2FA) in favor of more sophisticated verification methods. This strategic shift reflects growing concerns about the vulnerabilities inherent in SMS-based authentication systems and aligns with current cybersecurity best practices. The Evolution and Limitations of SMS Authentication … Read more

Google Cloud has unveiled a groundbreaking advancement in data security with the introduction of quantum-resistant digital signatures in its Cloud Key Management Service (Cloud KMS). This preview release implements cutting-edge post-quantum cryptography standards developed by the National Institute of Standards and Technology (NIST), marking a significant milestone in protecting sensitive data against future quantum computing … Read more

OpenAI has recently uncovered and blocked multiple accounts linked to prominent North Korean state-sponsored hacking groups that were leveraging ChatGPT for cyber attack preparation. The February threat intelligence report reveals how these threat actors utilized artificial intelligence capabilities to conduct target research and develop sophisticated system penetration methodologies. Advanced Persistent Threat Groups Identified Through collaboration … Read more

Cybersecurity researchers at Socket have uncovered a significant security threat in the Python Package Index (PyPI), identifying a malicious package named “automslc” that has accumulated over 100,000 downloads since 2019. The package has been specifically designed to bypass Deezer’s security measures, enabling unauthorized access to protected content on the popular music streaming platform that serves … Read more

Have I Been Pwned (HIBP), the leading data breach monitoring service, has significantly expanded its database with the addition of over 284 million compromised accounts discovered in infostealer logs distributed through Telegram channels. This massive update represents one of the most substantial additions to the platform’s repository of compromised credentials. Unprecedented Scale of Compromised Data … Read more

Google’s aggressive implementation of Manifest V3 for Chrome extensions marks a significant shift in browser security architecture, forcing popular security tools, including the widely-used uBlock Origin, to either adapt or cease operations. This transition represents one of the most substantial changes to Chrome’s extension ecosystem in recent years, with far-reaching implications for user privacy and … Read more