North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the…

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or sync their PC settings to the cloud. The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end…

Dublin ETB fined €125,000 for data protection breaches

Cianan Brennan reports: Dublin’s Education and Training Board (CDETB) has been fined €125,000 by the Data Protection Commission after the personal details of 13,000 grant applicants were made available to “unauthorised persons”. The commission concluded after a six-year investigation that the ETB had breached GDPR in multiple ways by both failing to ensure sufficient security…

From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

More great reporting and analysis by Therese Defino of the Health Care Compliance Association (HCCA): A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different hospital…

Liberty Township in Ohio has recovered its network after a ransomware attack

With so many cyberattacks being disclosed every day, a lot of them never get reported on in the media. That’s not necessarily a bad thing, but some of them do contain sensitive personal information or could expose people — or the entity itself — to increased risk of future attacks. One such incident involved Liberty Township…

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a “national security decision.” “Effective…

Marquette County Medical Care Facility discloses data breach

Marquette County Medical Care Facility (MCMCF) has issued a statement about a breach they discovered in March 2025. On March 3, 2025, MCMCF became aware of the business email compromise incident when contacts of MCMCF’s Human Resources director began receiving phishing emails from her Microsoft Office 365 (O365) account. The types of information involved included…

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page – Those that save collected…

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. “We developed two techniques by leveraging the mining topologies and pool…