Skip to main content

Tag: automated attacks

5 articles

Server racks in a brightly-lit data center with a single blurred-out laptop in the foreground.

Azure CLI Hit by Massive Password Spray Attack Targeting 78 Accounts

In a staggering display of cyber aggression, a threat actor launched a massive password spray attack on Microsoft's Azure CLI, racking up over 81 million login attempts and breaching at least 78 accounts across 64 organizations in just two weeks. The relentless campaign, which unfolded between June 12 and June 26, successfully compromised accounts at an alarming rate of two to four per day, with some days seeing spikes of up to 30 breaches.

Analyst 207
Software development workspace with laptop, screens, and tools, hinting at network infrastructure.

Miasma Malware Poisons Over 20 npm Packages

In a lightning-fast attack, hackers poisoned over 20 npm packages with Miasma malware, completing the coordinated operation in under three seconds. The attackers compromised an npm maintainer account to publish tainted updates to popular packages.

Analyst 207
Developer workspace with laptop, terminal, and notes, hinting at software installation.

GitHub Bolsters npm Security to Thwart Supply-Chain Attacks

GitHub's upcoming npm v12 update is a game-changer for supply-chain security, as it will require explicit approval for automated actions like install scripts and dependency resolution that are often exploited by attackers. This move aims to shut down common code-execution paths and give developers, CI/CD pipelines, and security teams greater control over their code.

Analyst 207
A WordPress dashboard screen with a cracked laptop keyboard in the foreground, symbolizing site vulnerability.

Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites

More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.

Analyst 207
Blurred laptop screen and documents on a desk in a typical office setting.

AI-Built Ransomware Toolkit Evades EDR Solutions with Automated Attacks

Sophos researchers uncovered a sophisticated AI-built ransomware toolkit that cleverly evades detection by automated security solutions, triggering alerts only after it had already compromised a customer system. The toolkit's sinister purpose was revealed through investigation, which found references to a ransom note and a list of targeted organizations on a dark web leak site.

Analyst 207