11 Mar 2026
By Mary

InfoSec News Nuggets 03/11/2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets Researchers at Socket have uncovered five malicious Rust packages published to crates.io — chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync — that masquerade as legitimate time-synchronization utilities while silently harvesting developer credentials from .env files and exfiltrating them to attacker-controlled infrastructure hosted under the lookalike domain "timeapis[.]io." All five crates are assessed to be the work of a single threat actor based…
Read More
03 Feb 2026
By Mary

InfoSec News Nuggets 02/03/2026

APT28 Leverages CVE-2026-21509 in Operation Neusploit A ThreatLabz writeup on a campaign attributed to APT28 using weaponized RTF files to exploit CVE-2026-21509 and drop multiple payloads. Notes include targeting in Ukraine, Slovakia, and Romania, plus timelines around Microsoft’s out-of-band fix and observed exploitation.   Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340) Exploitation details and practical remediation notes for Ivanti EPMM, including the impact of the two CVEs and…
Read More
21 Mar 2024
By Mary

InfoSec News Nuggets 3/21/2024

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were…
Read More
08 Feb 2024
By Mary

InfoSec News Nuggets 2/8/2024

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities  oogle today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe programming language across Android and other Google products, due to its benefits for addressing memory safety vulnerabilities. “Based on historical vulnerability density statistics, Rust…
Read More
06 Feb 2024
By Mary

InfoSec News Nuggets 2/6/2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan  The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken…
Read More
23 Aug 2023
By Mary

InfoSec News Nuggets 08/23/2023

'Cuba' Ransomware Group Uses Every Trick in the Book  In June, Russian ransomware group Cuba attacked an organization servicing US critical infrastructure. The cyberattack failed despite the group's use of multiple CVEs, off-the-shelf tools, unique malware programs, and evasion methods. Cuba is a financially motivated threat actor known for big money ransomware attacks primarily targeting US organizations. In its latest known campaign discovered by BlackBerry, it targeted an American critical infrastructure provider as well as a systems…
Read More