Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
Security Boulevard

Technical Analysis of SnappyClient

IntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an ...
LinkedIn

Kasefet: Building an Encrypted Storage Vault on an Orange Pi Zero (Design Notes)

A few months ago I built a small system I called Kasefet: a web-based encrypted file vault designed to run on an Orange Pi Zero. The point was not “a Flask demo.” The point was to build a usable, ...
GitHub

Encryption - Crypto 101

Why cryptography matters for security and CTFs The two main classes of cryptography and their uses RSA, and some of the uses of RSA 2 methods of Key Exchange Notes about the future of encryption with ...
The Hacker News

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each ...
Cloud Security Alliance

Evaluating PyRIT for Agentic AI Red Teaming

Evaluate the effectiveness of Microsoft’s Python Risk Identification Toolkit (PyRIT) for agentic AI red teaming. Address evolving autonomous AI system threats.
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
TheServerSide

Free AWS Developer practice exam questions and answers

Community driven content discussing all aspects of software development from DevOps to design patterns. Passing the AWS Certified Developer Exam is one of the best ways to demonstrate your skills as a ...
Security Boulevard

What is Encryption, Hashing, and Salting?

Encryption, hashing, and salting are the pillars of modern data protection. This guide breaks down what they are, how they work, and when to use each, complete with real-world examples and LoginRadius ...
WeLiveSecurity

BladedFeline: Whispering in the dark

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor ...