CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

After 7 Million Investigations in Production, 7AI Widens the Gap in Agentic Security with PLAID ELITE and 100 New AI Jobs in Boston

AI, the company making AI agents work for security teams, today announced PLAID ELITE, its fully managed AI-native security operations offering, and 100 new AI jobs at its Boston headquarters. One ...

Vancouver’s Hiive, a fast-growing stock exchange for private companies, sued by Nasdaq spinoff

A leading American stock exchange for private companies is suing its Canadian rival for alleged patent infringement, ...

How Vancouver and Toronto are preparing for health risks of World Cup mass gatherings

Multi-agency simulation part of planning for worst cases that could include infectious disease outbreaks, extreme heat or ...