Security
Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware
Hundreds of GitHub and npm repositories, and dozens of extensions for VS Code and other code editors, have been compromised in a new massive wave of the GlassWorm supply chain attack. Thousands of developers are at risk, with the latest victims being popular React Native packages with over 130,000 monthly downloads.
Read more about Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware
CISA flags actively exploited vulnerability of file transfer software used by US Air Force and Sony
The US Cybersecurity and Infrastructure Security Agency (CISA) has officially urged US federal agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that could be chained in remote code execution (RCE) attacks.
Read more about CISA flags actively exploited vulnerability of file transfer software used by US Air Force and Sony
Chinese chatbots fooled into recommending nonexistent health gadget
A fake fitness tracker in China has revealed how easily chatbots can be misled by poisoned data. The incident raises fresh concerns about the reliability of chatbot outputs.
Read more about Chinese chatbots fooled into recommending nonexistent health gadget
Dutch telecom's bid to keep Chinese kit fails as court backs spy agency fears
Telecom provider Odido has lost an appeal regarding the replacement of network components from Huawei and ZTE in critical parts of its mobile network.
Read more about Dutch telecom's bid to keep Chinese kit fails as court backs spy agency fears
Russia found sharing drone technology, battlefield tactics with Iran to boost strike capabilities
Russia is now sharing satellite imagery, upgraded drone technology, and tactical guidance with Iran – likely improving Tehran’s ability to strike US and allied targets in the Middle East.
Read more about Russia found sharing drone technology, battlefield tactics with Iran to boost strike capabilities
Piracy surges as films and TV shows reach international audiences at different times
Predictably, lists of the most pirated Oscar-nominated movies appear almost every year in our newsfeeds. The combination of intense global curiosity and uneven release schedules creates a perfect storm, where audiences who want to watch a nominated film before the Oscars turn to dodgy downloads or illegal streams. But how did we get here?
Read more about Piracy surges as films and TV shows reach international audiences at different times
Popular Chrome extension turns malicious, starts hijacking affiliate commissions
“Save image as Type,” a popular Chrome extension featured by Google and with over one million downloads, silently changed ownership and was updated with malicious code to steal affiliate commissions from hundreds of merchants, XDA reports.
Read more about Popular Chrome extension turns malicious, starts hijacking affiliate commissions
Verizon opens investigation into stolen customer data being sold online
More than six million telecom customer records are now allegedly up for sale online, raising fresh fears about how deeply attackers may have penetrated a major Verizon partner.
Read more about Verizon opens investigation into stolen customer data being sold online
Microsoft uncovers new campaign built on persistent Teams voice phishing
In a sign that attackers are increasingly leveraging trusted infrastructure to evade detection, a new campaign, uncovered by Microsoft, relied less on exploiting software vulnerabilities and more on deception and legitimate tools.
Read more about Microsoft uncovers new campaign built on persistent Teams voice phishing
EU sanctions Chinese and Iranian companies for carrying out cyberattacks against Member States
The Council of the European Union has taken action against two Chinese tech companies, two Chinese nationals, and an Iranian tech company for executing cyberattacks.
Read more about EU sanctions Chinese and Iranian companies for carrying out cyberattacks against Member States
100,000 personal emails of ex-Mossad research head leaked, pro-Iran hackers claim with new Stryker leak
Pro-Iranian hacker group Handala claims it leaked 100,000 personal emails tied to an ex-Mossad research head as medtech firm Stryker says it contained cyberattack.
Read more about 100,000 personal emails of ex-Mossad research head leaked, pro-Iran hackers claim with new Stryker leak
Da Vinci robot maker Intuitive Surgical hit by hackers, data compromised
Hackers breached Intuitive Surgical after a targeted phishing attack, exposing employee and customer data. The company says its da Vinci and Ion platforms remain safe and operational.
Read more about Da Vinci robot maker Intuitive Surgical hit by hackers, data compromised
Sweden’s digital ID provider CGI Sweden confirms data breach
Hackers claim they’ve cracked a contractor tied to Sweden’s digital ID system, leaking code and credentials that could expose how citizens log in to government services.
Read more about Sweden’s digital ID provider CGI Sweden confirms data breach
BreachForums down, cyber defenders claim it was their doing
BreachForums, the notorious cybercriminal marketplace that’s used for trading, leaking, and selling stolen data, is now offline, showing a persistent “502 Bad Gateway” error on both its clearnet and onion versions. What happened?
Read more about BreachForums down, cyber defenders claim it was their doing
Threat actors linked to Russia target Ukrainian entities with new backdoor
A new campaign targeting Ukrainian entities and attributed to actors linked to Russia employs various judicial- and charity-themed lures to deploy a JavaScript‑based backdoor that runs in the Edge browser.
Read more about Threat actors linked to Russia target Ukrainian entities with new backdoor
Scammers are now skipping inboxes and going straight for your calendar
Cybercriminals are abusing calendar invites to skip inboxes and deliver fake invoices. They’re tricking victims into taking immediate action, which usually involves contacting the scammers, Malwarebytes warns.
Read more about Scammers are now skipping inboxes and going straight for your calendar
Microsoft reveals SEO poisoning campaign that baits users into downloading fake VPN software
Hackers are manipulating search results to lure users looking for legitimate VPN software to malicious downloads that install trojanized VPN clients and steal enterprise credentials.
Read more about Microsoft reveals SEO poisoning campaign that baits users into downloading fake VPN software
“No” means “Yes”: developers are going crazy over disobedient Claude coding assistant
Vibe-coders are complaining that Claude Code, the flagship AI coding assistant from Anthropic, has a compliance problem. “No” isn’t a hard stop – when specifically told not to do something, the AI assistant runs with its original idea anyway.
Read more about “No” means “Yes”: developers are going crazy over disobedient Claude coding assistant
Meta shuts down 150,000 Facebook scam accounts, 21 arrested in global crackdown
The operation removed more than 150,000 fraudulent accounts across Facebook and led to the arrest of 21 individuals linked to organized fraud groups targeting victims worldwide.
Read more about Meta shuts down 150,000 Facebook scam accounts, 21 arrested in global crackdown
South Korea fines Lotte Card after hack exposes data of nearly 3 million customers
South Korean regulators have fined credit card provider Lotte Card 9.6 billion won (about $6.5 million) after a cyberattack exposed the sensitive personal data of 2.97 million customers.
Read more about South Korea fines Lotte Card after hack exposes data of nearly 3 million customers
