npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.

Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

Source: The Hacker News

These special phone and app features can help protect you from spyware

Apple, Meta, and Google offer special security modes that make your devices more secure against targeted spyware attacks. Here is how those modes work, what they do, and how to switch them on.

Source: Security News | TechCrunch

This rugged Windows tablet handles mud and rain – but didn’t impress with the basics

The Getac G140 puts power in the hands of fire & rescue, automotive, and utility workers.

Source: Latest news

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month.

Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners

Source: The Hacker News

RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.

Source: Hackread – Cybersecurity News, Data Breaches, AI and More

The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers

Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more.

Source: Security Latest

I joyfully reunited with my first Linux distro at the Virtual OS Museum

Feeling nostalgic? From Amiga Unix to XVM/RSX, anyone can run over 570 extinct OSes. Try it now on Linux, MacOS, or Windows.

Source: Latest news

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic.

Source: SecurityWeek

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.

“Drupal Core

Source: The Hacker News

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.

The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.

“Any cPanel user (including an attacker or a compromised account) may

Source: The Hacker News