%term

Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident

Aug 27, 2025 By Liran Tal In Snyk

On August 26–27, 2025 (UTC), eight malicious Nx and Nx Powerpack releases were pushed to npm across two version lines and were live for ~5 hours 20 minutes before removal. The attack also impacts the Nx Console VS Code extension.

Read Post

Snyk

Read more about Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident

Controlling non-human identities in your enterprise with One Identity

Aug 27, 2025 By One Identity by Quest In One Identity

With every organization vying to automate away their cybersecurity problems, it’s easy to allow the machine identities taking on formerly manual tasks to become entryways for threat actors. Learn the must-haves for securing the non-human identities streamlining your organization with One Identity sales engineer Rob Kraczek.

View Video

One Identity

Read more about Controlling non-human identities in your enterprise with One Identity

EP 14 - Beyond secrets: Securing the future of machine identity

Aug 27, 2025 By CyberArk In CyberArk

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk’s efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.

View Video

CyberArk

Read more about EP 14 - Beyond secrets: Securing the future of machine identity

Top Cybersecurity Tools for Small and Medium Businesses (SMBs)

Aug 27, 2025 By Ashley D'Andrea In Keeper

Cybercriminals frequently target Small and Medium-sized Businesses (SMBs) due to their limited security resources. As cyber attacks become more sophisticated, SMBs must proactively defend their critical systems and sensitive data by investing in the right cybersecurity tools. Some cybersecurity tools that every SMB should consider adding to their security stack include a password manager, a Privileged Access Management (PAM) solution, a secure remote access solution and a secrets manager.

Read Post

Keeper

Read more about Top Cybersecurity Tools for Small and Medium Businesses (SMBs)

Prompt Wizard

Aug 27, 2025 By Egnyte In Egnyte

Use the Prompt Wizard in Egnyte Copilot, Ask, and Knowledge Base to easily improve your AI prompts.

View Video

Egnyte

Read more about Prompt Wizard

CVE-2025-7775: Memory Overflow Vulnerability in Citrix NetScaler ADC and Gateway

Aug 27, 2025 By Tal Zamir In IONIX

On August 26th, 2025, Citrix patched CVE‑2025‑7775, a memory overflow vulnerability in NetScaler ADC and Gateway appliances that allows unauthenticated remote code execution (RCE) and/or denial-of-service. This threat is confirmed to be actively exploited in the wild. Citrix strongly emphasized that no mitigations exist aside from applying the patch immediately.

Read Post

IONIX

Read more about CVE-2025-7775: Memory Overflow Vulnerability in Citrix NetScaler ADC and Gateway

Popular nx packages compromised on npm

Aug 27, 2025 By Charlie Eriksen In Aikido

Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, which include packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub, rather than sending it to their own servers. This means that there’s a SIGNIFICANT amount of credentials that are publicly available on GitHub.

Read Post

Aikido

Read more about Popular nx packages compromised on npm

Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

Aug 27, 2025 By Bolesław Szołtysik, Chris Tomboc, Serhii Melnyk In Trustwave

During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer.

Read Post

Trustwave

Read more about Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

Crypto's Biggest Scam: The $1.5B Bybit Hack by Lazarus Group

Aug 27, 2025 By WatchGuard Technologies In WatchGuard

Scam Week Spotlight: $1.5Billion… Gone in minutes. What looked like a “routine” transfer at Bybit became one of crypto’s biggest scams.

View Video

WatchGuard

Read more about Crypto's Biggest Scam: The $1.5B Bybit Hack by Lazarus Group

Coralogix Expands Unified Threat Intelligence Coverage

Aug 27, 2025 By Coralogix Team In Coralogix

Coralogix is excited to announce a major enhancement to our Unified Threat Intelligence (UTI) capabilities – now with expanded IOC matching beyond IPs. While our earlier focus was primarily on detecting malicious IP addresses, threats have evolved. Attackers now hide behind encrypted traffic, disposable domains, and polymorphic files. To stay ahead, we’ve normalized new critical fields – JA3, JA4, domain, URL, and file hash and integrated them into our UTI engine.

Read Post