A new draft from NIST, developed in collaboration with 14 industry partners, outlines how to build software with security baked in, not bolted on. This is part of a broader push to protect the software supply chain, and it’s open for public comment until 12 September 2025. The guidelines are a response to Executive Order 14306, issued in June, which called for sustained action to strengthen national cybersecurity. NIST’s National Cybersecurity Center of Excellence (NCCoE) is leading the work through a newly formed Software Supply Chain and DevOps Security Practices Consortium. The goal is simple, if ambitious: help organizations build,…
Kirsten Doyle
An investigation from Sonatype has exposed a cyber-espionage campaign by North Korea’s infamous Lazarus Group, this time targeting the tools developers rely on every day. Between January and July 2025, Sonatype blocked 234 unique malware-laden packages across the npm and PyPI ecosystems: a calculated assault on the trust that underpins open-source software. Disguised as popular developer utilities, these poisoned packages carried espionage implants designed to exfiltrate credentials, profile systems, and establish long-term backdoors. At last count, the campaign may have reached over 36,000 victims, and it’s still ongoing. “Open source has become the new attack surface,” Sonatype warns. “It’s not…
It starts with an ad. The branding looks familiar: Coinbase, Binance, OKX. The ad promises fast trading, high returns, or access to a new crypto platform. Click it, and you’re sent through a maze of redirects. At the end is a download: a Windows installer in .msi format. Behind this is JSCEAL, a malware campaign that’s been quietly active since March last year. It doesn’t use zero-days because it doesn’t need to. It hides in plain sight, behind sponsored ads and familiar logos. Check Point Research uncovered the campaign after tracking a spike in crypto-related malware infections across Europe. Their…
A newly documented attack on a US-based chemicals company is raising fresh concerns in the cybersecurity community, after researchers observed the first-known use of the evasive Auto-Color backdoor malware in conjunction with a critical SAP NetWeaver vulnerability, CVE-2025-31324. Discovered and contained by Darktrace, the incident involved a multi-stage attack where threat actors used the SAP vulnerability as an entry point to deploy the Auto-Color malware on Linux systems. The backdoor then attempted to persist by hijacking system processes, but was thwarted by AI-driven detection and autonomous response. “This is a wake-up call for every organization running SAP,” said Jonathan Stross,…
Amazon has quietly disclosed a near-catastrophic AI security incident that, while not making headlines, should send chills through every cybersecurity professional. No outages or data stolen, but the risk was real, and it came from within. In its latest Security Bulletin AWS-2025-015, Amazon revealed an “unapproved code modification” buried inside the Amazon Q plugin for Visual Studio Code. At first glance, it appeared to be a routine code oversight. Dig deeper, alas, and there is something far more alarming. Security researchers at PointGuard AI uncovered the actual commit on GitHub: a hardcoded AI prompt designed to erase everything. Not just…
A newly discovered vulnerability in Google’s Gemini CLI, an AI-powered tool designed to help developers explore and write code from the command line, has exposed users to silent execution of malicious commands without their knowledge. The security research team at Tracebit uncovered how a clever mix of prompt injection, weak validation, and deceptive user experience could allow attackers to run harmful code on anyone’s machine simply by inspecting a compromised codebase with Gemini CLI. What happened? Google released Gemini CLI on 25 June 2025, aiming to streamline coding workflows by enabling developers to interact with code through natural language commands…
Lurking in the shadow of the sleek platforms and subscription stacks we see today lies a forgotten digital world. It’s populated by millions of inactive logins: remnants of fleeting curiosity or abandoned convenience. These are known as zombie accounts. According to a new survey by Secure Data Recovery, 94% of Americans have them. Pandora, Groupon, Shutterfly, Tumblr. Once darlings of the digital age, they are now little more than names on a login screen that few remember. Secure Data Recovery’s study asked a simple question: what platforms have we left behind, and which ones left us wishing we hadn’t signed…
President Donald Trump signed a trio of artificial intelligence-focused executive orders yesterday at an AI summit in Washington. The event, a joint effort by the bipartisan Hill and Valley Forum and the All-In Podcast, hosted by Trump’s AI czar David Sacks and other tech investors, is seen as the administration’s most significant step yet toward formalizing its AI policy direction. This was also Trump’s first major address on AI since the beginning of his second term. The executive orders are expected to feed directly into the forthcoming AI Action Plan, mandated by a January order that set a 180-day…
A misconfigured Elasticsearch server has exposed hundreds of millions of records tied to Swedish citizens and companies. No password. No firewall. Just open to the internet. The leak was discovered by Cybernews researchers. The server contained over 100 million records, spread across 25 indices. Some datasets were more than 200GB in size. The data ran from 2019 to 2024. It included: full names, including former names; Swedish personal identity numbers; birth dates, gender, and civil status; Swedish and foreign address histories; tax filings from the past five years; income levels and employer information; debt, defaults, bankruptcies; property ownership indicators; logs…
When cybercrime makes headlines, the conversation usually turns to ransomware payloads, zero-days, or patching lapses. But in the case of Scattered Spider, the threat isn’t just technological; it’s psychological. This group has elevated social engineering to a fine art, targeting the most vulnerable point in many entities: people. Since 2022, Scattered Spider (also tracked as UNC3944, 0ktapus, Muddled Libra, Scatter Swine, Octo Tempest, and Storm-0875) has launched targeted, high-impact campaigns that have cost companies like Qantas, Harrods, MGM, and Marks & Spencer hundreds of millions in damages. Their tactics rely less on technical exploits and more on strategic deception, identity…
