The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly toRead More »UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premisesRead More »Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret app_id value to undocumented registration andRead More »Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the emailRead More »PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape toRead More »Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims