Malicious NPM libraries install ransomware, password stealer
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. [...]
North Korean state hackers start targeting the IT supply chain
North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply…
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
Microsoft says the group has attacked more than 140 service providers, and compromised 14 of them, between May and October…
Hackers used billing software zero-day to deploy ransomware
An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing…
Google launches Android Enterprise bug bounty program
Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. [...]
Microsoft-Signed Rootkit Targets Gaming Environments in China
FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process.
LightBasin hacking group breaches 13 global telecoms in two years
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the…
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in…
Apple AirTag Bug Enables ‘Good Samaritan’ Attack
The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny…
Does Your Organization Have a Security.txt File?
It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them…