Contact Information
Theodore Lowe, Ap #867-859
Sit Rd, Azusa New York
GemStuffer attack, AI SBOMs, and AI-created zero-days
This week’s Department of Know is hosted by Rich Stroffolinowith guests Gary ChanCISO, SSM Health and Peter LiebertCISO, Salesloft. Missed the live show? Check it
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins
Hackers Use AI for Exploit Development, Attack Automation
Threat actors are abusing AI tools in increasingly sophisticated ways, including exploit development and attack orchestration. Google today published new research tracking how adversaries leverage
ShinyHunters Claims Second Attack Against Instructure
The ShinyHunters gang has claimed a second successive breach of Instructure, the supplier of the Canvas learning management system (LMS), mere hours after the company
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
TeamPCP‘s extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a “Mini Shai Hulud” attack. The compromised
How Do You Know If Your Backups Will Survive a Ransomware Attack?
Every organization wants to be able to recover from a ransomware attack. So why does no one seem to test properly for it? Check out
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages
Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
An analysis of software artifacts from a malicious cyberattack targeting the energy and utilities sector in Venezuela late last year revealed that the attack made
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
North Korea’s BlueNoroff state-sponsored hacking group is targeting cryptocurrency executives in an audacious, financially motivated campaign that uses fake Zoom meetings populated with AI-generated avatars
