SilentButDeadly is an open-source Windows tool that neutralizes EDR and AV visibility by cutting their cloud communications with Windows Filtering Platform filters instead of killing the agents. This article unpacks how SilentButDeadly discovers security processes, applies process-specific network blocks, disrupts services, and what defenders should monitor to detect and withstand similar EDR neutralization techniques.
Sprout is a Rust-based UEFI bootloader that pursues sub-second startup and data-driven policy. It reduces drift, speeds rollbacks, and clarifies failure modes. Secure-boot enablement is underway; teams should pilot now, prepare key management, and align firmware updates for a smooth transition to verified and measured boot.
A malicious npm package named “@acitons/artifact” impersonates @actions/artifact, hijacks GitHub Actions tokens via postinstall scripts, and attempts to publish artifacts as GitHub showcasing a precise software supply chain attack.
Cybersecurity researchers uncovered a North Korean operation that targets software developers by hiding malicious code inside public repositories.
The campaign, linked to Lazarus Group, uses fake developer tools and trojanized libraries to infiltrate development environments worldwide.
Security researchers have identified a new StealIt malware campaign abusing the NodeJS SingleFile module to exfiltrate sensitive data from compromised environments. This JavaScript-based threat demonstrates how legitimate developer tools can be turned into effective espionage vectors within open-source ecosystems.
Despite Cisco’s warnings, many ASA/FTD firewalls remain vulnerable. Simultaneously, threat actors claim they breached Red Hat’s GitLab instance. This article merges both crisis points and guides the fixes.
Hackers breached Red Hat and GitHub in coordinated attacks and stole customer data, underscoring risks even in widely trusted development platforms.
Australia’s eSafety Commissioner may classify GitHub as a social network and ban kids under 16 from using it. Officials argue GitHub’s social features resemble TikTok and Discord, but critics say the move could block young coders from learning and accessing open-source tools