News

Self-propagating supply chain attack hits 187 npm packages

Bys s September 17, 2025

Ax Sharma reports: Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and…

Source

News

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Bys s November 24, 2025

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. “The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source

Read More ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
News

Scalable Vector Graphics files pose a novel phishing threat
Bys s February 5, 2025

The SVG file format can harbor malicious HTML, scripts, and malware

Read More Scalable Vector Graphics files pose a novel phishing threat
News

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Bys s November 6, 2025

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. “The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call,”…

Read More SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
News

Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
By January 3, 2025

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users’ privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential…

Read More Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
News

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Bys s January 19, 2026

Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. “By exploiting it, we were able to collect system fingerprints, monitor active sessions, and –…

Read More Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
News

No need to hack when it’s leaking: OrthoMinds edition
Bys s March 21, 2025

Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…

Read More No need to hack when it’s leaking: OrthoMinds edition

Similar Posts