

Enterprise Security Tech
A cybersecurity resource for CxOs


CPUID Breach Delivers Trojanized CPU-Z and HWMonitor Installers in Short-Lived Supply Chain Attack
A brief but high-impact compromise of CPUID’s official website has exposed a growing weakness in the modern software supply chain. For less than 24 hours, attackers hijacked download links for widely used system utilities, replacing legitimate installers with malware-laced packages designed to silently establish remote access on victim machines. The incident, which unfolded between April 9 and April 10, targeted users attempting to download tools such as CPU-Z and HWMonitor.
Apr 13


macOS Malware Evolves: ClickFix Attack Chain Shifts from Terminal to Script Editor to Bypass Apple Defenses
A newly observed macOS malware campaign is signaling a tactical shift in how attackers deliver infostealers, quietly abandoning the Terminal in favor of a less scrutinized native tool. Researchers at Jamf Threat Labs have identified a variant of the widely used ClickFix social engineering technique that leverages Script Editor, opening a new path to execute malicious code while sidestepping recent Apple protections. A Familiar Trick, Rewired for macOS ClickFix campaigns have
Apr 8


Iran-Linked Hackers Target U.S. Water and Energy Systems Through Exposed Industrial Controllers
Federal cybersecurity agencies are warning that Iran-affiliated hackers are actively exploiting weaknesses in the industrial control systems that underpin America’s water and energy infrastructure, signaling a renewed focus on operational disruption rather than simple espionage. In a joint advisory released, a coalition that includes the Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation, U.S. Cyber Command, Department
Apr 8


Cyberattacks Now Start Before the Breach: Lumen Report Reveals AI-Driven Threat Infrastructure Surge in 2026
A new cybersecurity report from Lumen signals a fundamental shift in how cyberattacks are built, scaled, and executed. The findings suggest that by the time most organizations detect an intrusion, the real operation has already been underway for days or even weeks. According to the Lumen Defender Threatscape Report 2026, attackers are no longer focused solely on breaching endpoints. Instead, they are investing heavily in building and rotating infrastructure at scale, using
Apr 7


Axios npm Supply Chain Attack Exposes Hidden Risks in Developer Toolchains and IDE Extensions
A sophisticated compromise of the widely used Axios JavaScript library has reignited concerns about the fragility of the open-source software supply chain, with security researchers warning that traditional defenses are no longer enough to protect modern development environments. The incident, which involved the hijacking of Axios’ npm distribution, allowed attackers to deliver remote access trojans across Windows, macOS, and Linux systems during a narrow but impactful expos
Mar 31


FBI Warns of Russian and Iranian Cyber Campaigns Exploiting Messaging Platforms Like Signal and Telegram
U.S. federal authorities are raising alarms about a surge in state-linked cyber activity targeting widely used messaging platforms, signaling a shift in how nation-state actors bypass encryption by exploiting users instead of software vulnerabilities. In two coordinated advisories, the FBI detailed separate campaigns tied to Russian intelligence services and Iran’s Ministry of Intelligence and Security. Both operations rely heavily on social engineering and the abuse of trus
Mar 23