When I talk about open-source security, I’m not talking ideology—I’m talking measurable trust. The RPM 6.0.0 release (September 22, 2025) finally gives me solid building blocks for what I expect from a modern package system: locking down the trust chain, tracing artifact provenance precisely, and handling key rotations without breaking production. Why this release changes…
In July 2024, a U.S. federal civilian agency experienced a sophisticated cyber intrusion that would later provide valuable lessons for defenders. The Cybersecurity and Infrastructure Security Agency (CISA) was called in to assist with incident response after the agency’s endpoint detection and response (EDR) system alerted to potential malicious activity. CISA’s investigation of the incident…
Executive Summary The U.S. Secret Service dismantled a network of electronic devices across the New York tristate area used to conduct telecommunications-related threats targeting senior U.S. government officials, which posed an imminent risk to protective operations. The investigation uncovered more than 300 co-located SIM servers and 100,000 SIM cards at multiple sites. The devices were…
The Weakest Link in the Digital Chain In the contemporary software development landscape, where speed and code reusability are paramount, the Node Package Manager (NPM) has become an indispensable pillar of the JavaScript ecosystem. Acting as the world’s largest open-source library repository, with over 3 million packages and billions of weekly downloads, NPM simplifies dependency…
Executive Summary On September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed Malware Analysis Report (AR25-261A) regarding a cyber intrusion targeting Ivanti Endpoint Manager Mobile (EPMM) systems. In this incident, cyber threat actors exploited two critical vulnerabilities (identified as CVE-2025-4427 and CVE-2025-4428) to bypass authentication in the Ivanti EPMM product…
On September 12, 2025, the Federal Bureau of Investigation (FBI) issued a FLASH alert detailing the operations of two cybercriminal groups, UNC6040 and UNC6395, which are targeting Salesforce instances to exfiltrate data and extort organizations. This alert, intended for cybersecurity professionals (CERTs, SOC analysts, CISOs), outlines the initial access vectors, data exfiltration techniques, authentication bypass…
