Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

/in

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
“Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers,” Sonatype researcher Ax Sharma said. “However, […] the latest

The Hacker News – ​Read More

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

/in

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“Following the recent Chrome sandbox escape (

The Hacker News – ​Read More

Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen

/in

The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.

darkreading – ​Read More

Fake Snow White Movie Torrent Infects Devices with Malware

/in

Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has…

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public

/in

WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.

Security Latest – ​Read More

OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

/in

The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.

darkreading – ​Read More

How CISA Cuts Impact Election Security

/in

State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.

darkreading – ​Read More

Hoff’s Rule: People First

/in

Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.

darkreading – ​Read More

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

/in

Microsoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks.

Security | TechRepublic – ​Read More

SignalGate Is Driving the Most US Downloads of Signal Ever

/in

Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”

Security Latest – ​Read More