Login Subscribe

7secure Coverage

Articles

Search and filter the broader reporting stream across incidents, AI security, policy, and operational coverage.

Mercor Recruiting Compromised via Malicious LiteLLM Supply‑Chain Injection

Mercor Recruiting Compromised via Malicious LiteLLM Supply‑Chain Injection

Mercor, an AI‑driven recruiting platform, was breached when a compromised version of the open‑source LiteLLM library was introduced into its software build process. The malicious code embedded in the library activated during compilation, creating hidden back‑doors that allowed threat actors to siphon user credentials, internal configuration files,

Threat Intelligence

Fake CERT‑UA Emails Deploy AGEWHEEZE RAT to Millions

Fake CERT‑UA Emails Deploy AGEWHEEZE RAT to Millions

A threat group impersonated Ukraine’s Computer Emergency Response Team (CERT‑UA) in a massive phishing campaign, sending roughly one million emails that mimicked official alerts and advisories. The messages contained a malicious attachment or link that, once opened, installed the AGEWHEEZE remote administration tool, granting attackers persistent remote access

Threat Intelligence

Hong Kong‑Based Scanners Flood GreyNoise, Signal Recon Before Real Attacks

Hong Kong‑Based Scanners Flood GreyNoise, Signal Recon Before Real Attacks

GreyNoise observed a sudden surge of scanning activity, with roughly 50% of the new source IPs geolocated to Hong Kong. Most of these probes failed to complete a TCP handshake, indicating they were limited to banner grabs and port sweeps rather than attempts to exploit services. The pattern suggests a

Identity & Access Management

Zero‑Trust Rollout Stumbles: Legacy, Resources, and Policy Gaps Hamper Enterprises

Zero‑Trust Rollout Stumbles: Legacy, Resources, and Policy Gaps Hamper Enterprises

A Gartner survey of 500 enterprise IT leaders shows that while 92% recognize zero‑trust as a strategic priority, more than three‑quarters report stumbling blocks when moving from theory to practice. The biggest pain points are integrating legacy applications that can’t easily support identity‑centric controls, securing sufficient

Insider‑Threat Platform Hijacked via Update Supply‑Chain Attack

Insider‑Threat Platform Hijacked via Update Supply‑Chain Attack

A threat‑actor group compromised a leading insider‑threat detection solution by injecting malicious code into a routine software update. The hidden payload disabled the platform’s alerting and telemetry functions, effectively turning the security tool into a blind spot while preserving a backdoor for ongoing access. The backdoor let

Vulnerabilities & Exploits

Critical Supply‑Chain RCE Found in Popular IoT Camera Firmware

Critical Supply‑Chain RCE Found in Popular IoT Camera Firmware

Security researchers have identified a remote code execution (RCE) flaw in the firmware of a widely used line of IoT cameras and environmental sensors. The vulnerability is traced to a compromised third‑party update server that signs malicious firmware binaries, turning the devices’ legitimate update process into a supply‑chain