Cyber Security – Page 18 – Simply Secure Group

Malicious Script Injection in Trivy Compromise Enables Credential Theft

Malicious Script Injection in Trivy Compromise A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat actors successfully force-pushed 75 out of […]

FBI, CISA Warn Russian Hackers Are Targeting High-Value Individuals Through Signal

FBI, CISA Warn Russian Hackers The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released a joint cybersecurity advisory regarding a widespread phishing campaign. The alert warns that Russian Intelligence Services are actively targeting users of encrypted messaging applications, primarily Signal. The attackers are bypassing the platform’s robust […]

Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution

Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS, while Linux users will receive version 146.0.7680.153. This critical patch cycle is designed to […]

Anthropic Launches Projects Feature for Claude Cowork Desktop

Anthropic is expanding Claude Cowork Desktop with a new Projects feature designed to keep files, instructions, and task context organized inside a single workspace. For paid users, the update makes it easier to start from scratch, import an existing chat, or connect a local folder so Claude can continue work without losing the thread between […]

Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins

Windows 11 March Update Breaks Teams Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026, has left affected users […]

Hackers Compromised 7,500+ Magento Websites to Upload Hidden Malicious Files and Steal Data

A sweeping cyberattack campaign has compromised more than 7,500 Magento-powered e-commerce websites since late February 2026, with attackers uploading hidden malicious files into publicly accessible web directories across thousands of domains. The attack has spread to over 15,000 hostnames, affecting commercial brands, government agencies, universities, and non-profit organizations spanning multiple countries, making it one of […]

New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation

A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass Google Chrome’s Application-Bound Encryption (ABE) without requiring code injection or elevated system privileges. The variant, introduced in VoidStealer version 2.0 on March 13, 2026, uses a debugger-based technique to silently […]

SILENTCONNECT Uses VBScript, PowerShell and PEB Masquerading to Deploy ScreenConnect

SILENTCONNECT is a newly discovered multi-stage malware loader that has been silently targeting Windows machines since at least March 2025. It uses VBScript, in-memory PowerShell execution, and PEB masquerading to install the ConnectWise ScreenConnect remote monitoring and management tool on victim systems. Once deployed, ScreenConnect gives the attacker full hands-on keyboard control over the compromised […]

CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks

CISA Warns Zimbra Collaboration Suite Vulnerability Exploit CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise. […]

WaterPlum Deploys New StoatWaffle Malware in VSCode-Based Supply Chain Campaign

A North Korea-linked hacking group known as WaterPlum has introduced a dangerous new malware called StoatWaffle, deploying it through compromised Visual Studio Code (VSCode) repositories disguised as legitimate blockchain development projects to silently infiltrate developer machines. WaterPlum has been running a campaign known as “Contagious Interview” for some time, drawing victims in through fake job […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.