-
1 week ago | 
securitymagazine.com | Jordyn Alger
Noma Security research team has discovered a CVSS 8.8 vulnerability in Prompt Hub, a public repository within Langsmith for community-developed prompts. LangSmith, an observability and evaluation platform, provides a space for users to create, test, and observe large language model (LLM) applications.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
Scania, a transport solution organization, has confirmed it faced a cybersecurity incident. The company has stated that the malicious actors leveraged compromised credentials to gain access to its Financial Services systems, allowing them to acquire insurance claim documents. The malicious actors have threatened to leak the online activity unless their demands are fulfilled.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
Scattered Spider, who is believed to be responsible for several cyberattacks against the retail sector in recent months, has apparently shifted targets to the insurance sector.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
Cyber defenses have grown more vital — and more complex — as artificial intelligence (AI) evolves. Critical infrastructure in particular is a key area where cybersecurity professionals need to dedicate their attention, as the disruption of this infrastructure can lead to lasting repercussions. Here, Security magazine talks with Vrajesh Bhavsar, CEO of Operant, about the importance of infrastructure-level protection as AI advances. Security: Tell us about your background and career.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
Researchers at JFrog have discovered that the Python Package Index (PyPI) has a malicious package in its repository. This package is able to harvest developer-related data, such as credentials, configuration information, and environment variables. The package (called chimera-sandbox-extensions) has more than 140 downloads and likely targets users of the Chimera Sandbox service.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
The Washington Post was the subject of a cyberattack, according to news broken by The Wall Street Journal. Among the affected employees were journalists covering topics such as national security and economic policy. “Attacks against journalists are a serious problem,” says Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. “In most cases, the journalist has to click on a rogue link and somehow get tricked into running the malware.
-
1 week ago | 
securitymagazine.com | Jordyn Alger
Research from Symantec and the Carbon Black Threat Hunter team reveals that the Fog ransomware group utilizes an uncommon toolset, including open-source pentesting utilities and Syteca, a legitimate employee monitoring software. Mr. Akhil Mittal, Senior Manager at Black Duck:The real danger in this case isn’t the ransom note — it’s how Fog turns a simple screen-recorder into a hidden camera.
-
2 weeks ago | 
securitymagazine.com | Jordyn Alger
Research shows that more than 40,000 Internet of Things (IoT) security cameras across the globe are exposed online. These cameras operate over HTTP or Real-Time Streaming Protocol (RTSP) and expose live feeds to any individual able to access the corresponding IP address — directly from a web browser. The HTTP-operating cameras depend on conventional web technology for video control and transmission, and are often found in homes or offices.
-
2 weeks ago | 
securitymagazine.com | Jordyn Alger
A cyberattack has targeted United Natural Foods Inc. (UNFI), the predominant food distributor for Whole Foods. In a notice regarding the incident, UNFI stated, “We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate.” Currently, the organization is working to restore online systems. Below, security leaders discuss this cyberattack, with insights on attacker motivations as well as risk mitigation strategies.
-
2 weeks ago | 
securitymagazine.com | Jordyn Alger
SentinelLABS discovered and defended against a reconnaissance operation in October 2024, which targeted SentinelOne. At the start of 2025, researchers also observed and disrupted an intrusion against an organization that managed hardware logistics for its employees. After a comprehensive investigation of SentinelOne’s software, hardware and infrstructure, researchers confirmed the attackers were unsuccessful.
