Supply-Chain Worm
Bitwarden CLI npm package compromised to steal developer credentials

The problem was found in a specific package for a service that many teams trust to keep their passwords safe.

A Trap for Builders

Someone put fake code into the system that helps developers download the tools they need for work.

When a builder used this tool, the hidden code would wake up and look for private login keys.

It specifically tried to find and send back the keys that open the safe where a company keeps its most important secrets.

This kind of attack is scary because it targets the very people who build the apps we use every day.

The Theft in Action

The harmful script was designed to run quietly so that the developer would not notice anything was wrong.

It looked for pieces of information called environment variables, which often hold master keys to cloud servers.

Once it found these keys, it sent them to a computer controlled by the bad actors.

Security teams noticed the change quickly, but it shows how easily one bad piece of code can spread through a whole company.

Staying Safe at Work

The group that makes the tool removed the bad code and told everyone to update to a clean version right away.

They are now looking for ways to make sure this does not happen again by checking new code more carefully.

Builders should always double-check the version of the tools they use before they start a new project.

It is also a good idea to limit what a tool can see on a computer so it cannot steal everything at once.

Checking your tools for hidden changes is the best way to keep your secrets from falling into the wrong hands.
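
The two precautions above, checking tool versions for hidden changes and limiting what a tool can see, as an added example that is not code from the newsletter or from Bitwarden. The package names, versions, integrity strings and the approved-pin list are constructed placeholders, and `auditLockfile` and `minimalEnv` are hypothetical helper names.

```javascript
// Constructed sample in npm lockfile v3 layout. Package names, versions and
// integrity strings are placeholders, not values from the incident.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/example-cli": { version: "2.0.1", integrity: "sha512-PLACEHOLDER-UNREVIEWED" },
    "node_modules/@demo/helper": { version: "1.4.0", integrity: "sha512-PLACEHOLDER-HELPER" }
  }
});

// Hypothetical team-approved pins: exact version plus reviewed integrity hash.
const APPROVED = {
  "example-cli": { version: "2.0.0", integrity: "sha512-PLACEHOLDER-REVIEWED" },
  "@demo/helper": { version: "1.4.0", integrity: "sha512-PLACEHOLDER-HELPER" }
};

// Compare every locked package against the approved pins and report drift.
function auditLockfile(lockText, approved) {
  const findings = [];
  const packages = JSON.parse(lockText).packages || {};
  const marker = "node_modules/";
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const pin = approved[name];
    if (!pin) {
      findings.push({ name, issue: "not on approved list" });
    } else if (pin.version !== meta.version) {
      findings.push({ name, issue: `version ${meta.version}, approved ${pin.version}` });
    } else if (pin.integrity !== meta.integrity) {
      findings.push({ name, issue: "integrity differs from reviewed hash" });
    }
  }
  return findings;
}

// Build a tool's environment from an allowlist so cloud keys and tokens held
// in the parent environment are never handed to it.
function minimalEnv(parentEnv, allowed = ["PATH", "HOME", "LANG"]) {
  const env = {};
  for (const key of allowed) {
    if (parentEnv[key] !== undefined) env[key] = parentEnv[key];
  }
  return env;
}
```

The object returned by `minimalEnv(process.env)` can be passed as the `env` option when a tool is started with Node's `child_process.spawn`.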

๐Ÿ“บ๏ธ Podcast
The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem

The Rise of Cybercrime Marketplaces

Cybercrime has evolved from independent, opportunistic attacks into a highly organized, marketplace-driven ecosystem. This professionalization allows threat actors to buy and sell access, malware, and infrastructure as a service, significantly lowering the barrier to entry for new attackers. This scalable model means that even less technical criminals can now launch sophisticated, high-volume campaigns against enterprises.

Convergence of Criminal and State Actors

There is a growing blur between traditional criminal networks and nation-state actors, as both groups now frequently share the same tools and infrastructure. Cryptocurrency has become the primary lubricant for this ecosystem, allowing for anonymous payments and the rapid movement of funds across borders. This convergence makes attribution much more difficult for defenders, as the line between financial gain and political espionage continues to vanish.

Strategic Disruption via Blockchain

Blockchain intelligence has become a vital tool for defenders to track illicit financial flows and disrupt criminal operations. By monitoring alternative cryptocurrencies and following the digital paper trail, investigators can identify "initial access brokers" and proactively intervene before a ransomware payload is even delivered. Strategic collaboration between the private sector and law enforcement is now essential to reduce the overall impact and frequency of ransomware payments.

Agents Blindspot
Why Enterprise Security Is Unprepared for the AI Agents Already Inside the Network

AI agents are different from old software because they can make choices and act on their own.

New Risks for Security

Most safety plans were made for people, not for independent software programs.

This change creates a gap where these helpers can move through files and data without being checked.

Because they act so fast, they can reach sensitive information before anyone knows what happened.

Many safety teams do not even know which helpers are active in their networks right now.

Managing Digital Workers

Treating these tools like normal apps is a mistake that leaves the door open for trouble.

They often have broad access to private folders that a human worker might not be allowed to see.

To stay safe, companies must start tracking what each helper does every single day.

They also need to give each program a specific owner who is responsible for its actions.

A Better Safety Plan

Companies need to update their rules to watch how these smart tools talk to each other.

Without new ways to see their work, it is hard to stop a mistake or a bad actor.

Staying ahead means changing how we think about who, or what, is using our computers.

Ensuring every automated tool has a human supervisor is the best way to keep business data safe.

Automated Breach
'Zealot' Shows What AI's Capable of in Staged Cloud Attack

The program, named Zealot, managed to find its way into a network and take control without any human help.

A Faster Type of Attack

Traditional hackers usually take days or weeks to move through a company network.

Zealot did the same work in just minutes by making very fast choices.

It found open doors, moved from one spot to another, and stole private data before anyone could stop it.

This test shows that computer defenses need to move much faster than they do today.

Learning from the Machine

Defenders are using this test to see where their old safety tools fail to stop a fast machine.

Zealot does not just follow a simple list of steps; it changes its plan based on what it finds.

If one door is locked, it quickly looks for another way in without getting tired or making mistakes.

Testing these smart tools now helps companies build better walls before real bad actors try the same thing.

Fixing the Gaps

Most companies are still used to fighting human hackers who work at human speeds.

To stay safe, they will need new tools that can spot and stop a machine attack in seconds.

The best defense is to use the same kind of smart technology to watch for trouble and lock doors automatically.

As attacks get faster and smarter, our safety tools must be able to think and act just as quickly.

Data Exfiltration
Trigona ransomware attacks use custom exfiltration tool to steal data

The Trigona ransomware group uses a special program they made themselves to take data before they lock the systems for money.

A Sneaky Way to Steal

The program is built to work very quietly so that it does not set off any alarms.

It can pick and choose exactly which files to take based on how important they look.

By using their own tool, these actors can bypass the usual safety checks that look for common file-sharing apps.

This allows them to move large amounts of private information out of a network without being caught.

How the Attack Works

The bad actors first get into a system and spend time looking around for the best data to take.

Once they are ready, they use the tool to send copies of these files to their own storage.

After the files are gone, they use a different program to lock all the computers and demand a payment.

Having a copy of the files gives them more power to force companies to pay up.

Staying Safe from Theft

Companies can protect themselves by watching for strange tools that they did not install themselves.

It is also helpful to limit what files a single user can see or copy at one time.

Keeping a close eye on any data leaving the network can help stop the theft before it finishes.

Checking for small, unknown programs on servers is a key step in keeping business secrets safe.

Using unique tools for data theft shows that these groups are becoming more organized and harder to stop with basic safety gear.

Stay safe!

Eyal Estrin, Author @ CSec Weekly