Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish…
Ditch The Cloud Security Labels to Nail Detection and Response
Today’s cloud security categories don’t do practitioners any favors when it comes to identifying the key requirements for detection and…
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers…
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called…
Thai Police Systems Under Fire From ‘Yokai’ Backdoor
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of…
Does Desktop AI Come With a Side of Risk?
Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis,…
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [...]
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run…
Microsoft Teams Vishing Spreads DarkGate RAT
A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread…
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat…