LG G6 vs. LG G5: I compared the flagship OLED TVs, and there’s a surprise winner

Between the new LG G6 OLED and last year’s G5 OLED, here are the key differences to consider before upgrading.

Latest news – ​Read More

Is increasing VRAM finally worth it? I ran the numbers on my Windows 11 PC

Virtual RAM can help boost PC performance when resources are scarce. While it can be useful, it’s not a replacement for physical RAM.

Latest news – ​Read More

I used an $80 monitor with a 144Hz refresh rate for a week – and couldn’t believe my eyes

MSI’s Pro MP243W 24-inch monitor pairs well with other budget laptops, making it an affordable home workstation.

Latest news – ​Read More

Inconsistent Privacy Labels Don’t Tell Users What They Are Getting

Data privacy labels are a great idea for mobile apps, but the current versions just aren’t good enough.

darkreading – ​Read More

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models.

Security Latest – ​Read More

Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users

A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

EU cyber agency attributes major data breach to TeamPCP hacking group

The European Union’s cybersecurity agency said the hacking group TeamPCP was behind a massive recent data breach at the European Commission.

The Record from Recorded Future News – ​Read More

I let Apple Music’s new AI tool curate my playlists for 24 hours – and discovered new hits

I usually cycle through my years-old playlists, but I tried AI-generated ones for a weekend and found some key learnings.

Latest news – ​Read More

Do not get high(jacked) off your own supply (chain)

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a “chaos-as-a-service” group that injected malicious code into hijacked GitHub repositories for open-source projects, including Trivy, an open-source security scanner.

The impact of these supply chain attacks can be vast. Axios receives 100 million downloads weekly and innumerable organizations rely on the frameworks and libraries compromised by TeamPCP. The headache they pose to organizations and their security personnel is considerable as well; affected utilities can be integrated so deeply that it may be difficult to fully catalog, let alone remediate.

Although the timing, scale, and severity of these attacks can be shocking, this is not a new phenomenon. The supply chain has remained an attractive target for some time because of its fragility and the fact that a successful compromise can lead to countless additional downstream victims.

Findings from the recently published Talos 2025 Year in Review illustrate these long-standing trends. Nearly 25% of the top 100 targeted vulnerabilities we observed in 2025 affect widely used frameworks and libraries. Digging deeper into the list reveals additional insights. The React2Shell vulnerability affecting React Server Components became the top-targeted vulnerability of 2025 despite being disclosed in December, reflecting the speed at which these supply chain attacks can reach massive scale. The presence of Log4j vulnerabilities shows how deeply embedded these utilities can be and therefore how difficult it can be to reduce the attack surface. Although these particular examples represent extant vulnerabilities that can be weaponized by numerous adversaries versus a deliberate attack carried out by a single adversary, they show how impactful and disruptive threats to the supply chain can be. Follow-on attacks can range from ransomware to espionage, which is reflective of the broad swath of adversaries that carry them out — from sophisticated state-sponsored groups to teenage cyber criminals.

If we are all building on such shaky foundation, what can we do to keep safe? After all, it certainly seems dire when a tool such as Trivy that we could normally use to scan for supply chain vulnerabilities becomes compromised itself. But there are concrete steps we can take to improve our security posture.

As highlighted in the Year in Review, protecting identity is key. This includes securing CI/CD pipelines to prevent these types of compromises from occurring in the first place, as well as limiting the impact and lateral movement of an adversary should they obtain access to a downstream victim.

In addition, organizations must try to the best of their abilities to inventory the software libraries and frameworks they employ, stay informed of security incidents, and respond rapidly to implement patching and other mitigations.

Just as supply chain attacks are evergreen, so too is the efficacy of security fundamentals, such as segmentation, robust logging, multi-factor authentication (MFA), and the implementation of emergency response plans.

As trust continues to break down, the only viable solution may be to double down on vigilance. Since this recent spate of attacks represents a trend that will likely only grow in intensity and breadth, the time for action and planning is now.

Coverage

Below, find a sample of the some of the recent coverage we offer to protect against these threats:

ClamAV:
Txt.Trojan.TeamPCP-10059839-0

Txt.Trojan.TeamPCP-10059839-0

Behavioral Protections:
LiteLLM Supply Chain Compromise – alerts during installation of compromised packages

Cisco Talos Blog – ​Read More

You can use Google Meet with CarPlay now: How to join meetings safely in your car

Use Android Auto instead of CarPlay? Google said support is coming soon for Meet.

Latest news – ​Read More