Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
CoinDesk

Flare and Xaman unlock one-click DeFi access for over 2 billion XRP sitting idle in wallets

The integration lets XRP holders deposit into yield-generating vaults through a single transaction without leaving their ...

Shanon : New Open Source AI Pentester Powered By Claude Code

Shanon is an open source AI pentester built on the Claude SDK; runs cost about $60 in API credits, with CI/CD support; ...

Linux explores new way of authenticating developers and their code - here's how it works

Linux kernel maintainers propose a less painful process for identifying developers. See how it can make Linux code safer than ever.