Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Security
DuckDB Packages Compromised in Latest NPM Supply Chain Attack

DuckDB Packages Compromised in Latest NPM Supply Chain Attack

The NPM supply chain attack targeting major JavaScript packages has claimed another victim, with popular database library DuckDB confirming that four…
Adobe Rushes Emergency Fix for Zero-Auth E-commerce Takeover Flaw

Adobe Rushes Emergency Fix for Zero-Auth E-commerce Takeover Flaw

Adobe has issued an emergency patch for a devastating security flaw dubbed " SessionReaper " ( CVE-2025-54236 ) that threatens hundreds of …
GhostAction Attack Exposes 3,325 Developer Secrets in Massive GitHub Supply Chain Breach

GhostAction Attack Exposes 3,325 Developer Secrets in Massive GitHub Supply Chain Breach

A supply chain attack dubbed " GhostAction " has compromised 327 GitHub users across 817 repositories, successfully exfiltrating 3,325 sens…
AI-Powered Nx Supply Chain Attack Exposes Thousands of Corporate Secrets

AI-Powered Nx Supply Chain Attack Exposes Thousands of Corporate Secrets

Malicious npm packages leveraged Claude, Gemini, and Amazon Q to hunt for sensitive files, impacting over 1,700 users A sophisticated supply chain a…
Largest NPM Hack in History - Supply Chain Attack, Targets Crypto Wallets

Largest NPM Hack in History - Supply Chain Attack, Targets Crypto Wallets

A sophisticated phishing attack has compromised popular NPM packages with over 2 billion combined weekly downloads, injecting cryptocurrency-stealing…
Salesloft Breach – Mandiant Investigation Exposes 6-Month Cyber Campaign

Salesloft Breach – Mandiant Investigation Exposes 6-Month Cyber Campaign

Major cybersecurity companies remain exposed after a sophisticated supply chain attack compromised OAuth tokens, with the investigation now revealing…
12 Rogue Certificates Issued for Cloudflare's 1.1.1.1 DNS Put Millions at Risk

12 Rogue Certificates Issued for Cloudflare's 1.1.1.1 DNS Put Millions at Risk

A massive security lapse has left millions of internet users vulnerable to DNS query interception after a certificate authority (CA) improperly issue…
8-Year-Old Sample Key Exposes Thousands of Sitecore Websites to Hackers

8-Year-Old Sample Key Exposes Thousands of Sitecore Websites to Hackers

Cybersecurity researchers at Google's Mandiant have uncovered an active exploitation campaign targeting Sitecore deployments using a sample encry…
New China-Linked Hackers Deploy Stealth Backdoors to Poison Google Search Results

New China-Linked Hackers Deploy Stealth Backdoors to Poison Google Search Results

Security researchers have uncovered a sophisticated new threat actor exploiting Windows servers worldwide to manipulate Google search rankings while …
Pentest Services: A Comprehensive Guide for Modern Security Needs

Pentest Services: A Comprehensive Guide for Modern Security Needs

Cybersecurity is no longer just an IT issue – it’s a board-level concern. With cloud adoption, digital transformation, and remote work reshaping infr…
Major Cybersecurity Firms Hit by Salesloft Drift Supply Chain Attack

Major Cybersecurity Firms Hit by Salesloft Drift Supply Chain Attack

A sophisticated supply chain attack targeting the Salesloft Drift application has compromised Salesforce data from major cybersecurity companies, in…
WhatsApp Patches Actively Exploited 0day Flaw

WhatsApp Patches Actively Exploited 0day Flaw

WhatsApp has rushed to patch a critical zero-day vulnerability that was actively exploited in targeted cyberattacks against journalists, activists, a…
China's Salt Typhoon Hackers Expose Global Telecom Networks in Massive

China's Salt Typhoon Hackers Expose Global Telecom Networks in Massive

A massive international cybersecurity advisory involving 13 countries has exposed the unprecedented scope of Chinese state-sponsored cyber espionage …
WhatsApp AI Features Get Security Overhaul, Critical Flaws Fixed

WhatsApp AI Features Get Security Overhaul, Critical Flaws Fixed

Meta has addressed critical security vulnerabilities in its upcoming WhatsApp AI features, following an independent audit by cybersecurity firm Trail…
AI-Powered Ransomware 'PromptLock' Marks New Era of Cyber Threats

AI-Powered Ransomware 'PromptLock' Marks New Era of Cyber Threats

Cybersecurity researchers at ESET have uncovered the first known AI-powered ransomware, signaling a dangerous evolution in cybercriminal tactics that…
Google Mandates Developer Verification for All Android Apps to Combat Rising Malware Threats

Google Mandates Developer Verification for All Android Apps to Combat Rising Malware Threats

Google is implementing a groundbreaking security measure that will require all Android apps to be registered by verified developers before installati…
Major Data Breach Exposes Thousands of Salesforce Customers Through Compromised Third-Party App

Major Data Breach Exposes Thousands of Salesforce Customers Through Compromised Third-Party App

A sophisticated threat actor has successfully infiltrated numerous Salesforce customer instances through compromised OAuth tokens (authentication cre…
Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Salesforce has disclosed five critical security vulnerabilities in Tableau Server and Desktop that could allow attackers to execute arbitrary code an…
Critical Android GPU Bug Grants Hackers "God Mode" Access to Device Memory

Critical Android GPU Bug Grants Hackers "God Mode" Access to Device Memory

A critical security flaw in Qualcomm's Adreno GPU drivers has been discovered that allows attackers to gain complete control over Android devices…
Hackers Breach Nation-State APT Group, Dump Entire Arsenal of Government Attack Tools

Hackers Breach Nation-State APT Group, Dump Entire Arsenal of Government Attack Tools

In what security experts are calling the most significant breach of a nation-state cyber operator since the iSoon leak earlier this year, two mysteri…