GitHub: Attackers stole login details of 100K npm user accounts
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach…
Microsoft adds support for WSL2 distros on Windows Server 2022
Microsoft has announced that Windows Subsystem for Linux (WSL2) distros are now supported on Windows Server 2022 after installing this week's…
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer.…
Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
Fake Windows exploits target infosec community with Cobalt Strike
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...]
Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks…
Third-party web trackers log what you type before submitting
An extensive study looking into the top 100k ranking websites has revealed that many are leaking information you enter in…
iPhones Open to Attack Even When Off, Researchers Say
Wireless chips that run when the iPhone iOS is shut down can be exploited.
Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices…
Fake Binance NFT Mystery Box bots steal victim’s crypto wallets
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting…