Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

/in

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates.

According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

The Hacker News – ​Read More

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

/in

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026.

“Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged

The Hacker News – ​Read More

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

/in

The AI company’s Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have this malware installed?

Latest news – ​Read More

AI Model Release Tracker: Opus 4.8’s misalignment rates similar to Claude Mythos Preview

/in

Not every new model is all it’s cracked up to be. Our tracker keeps each release in context with its peers, so you know which models are worth your time.

Latest news – ​Read More

ShinyHunters Alleges 42M Records Stolen from Charter Communications

/in

Charter confirmed a cyber incident after ShinyHunters claimed it stole Spectrum customer data through vishing and SaaS account access.

The post ShinyHunters Alleges 42M Records Stolen from Charter Communications appeared first on TechRepublic.

Security Archives – TechRepublic – ​Read More

Hackers are trying to steal Signal users’ backups in new wave of phishing attacks

/in

A new hacking campaign is trying to trick Signal users to give up their secret recovery key, which can be used to access online backups containing past messages.

Security News | TechCrunch – ​Read More

Dutch Raid Fails to Dent Russian Bulletproof Host

/in

Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider’s core IP address space intact.

darkreading – ​Read More

Name That Toon Contest

/in

Post Content

darkreading – ​Read More

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

/in

The US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now says adversaries are using the data to target soldiers during a war.

Security Latest – ​Read More

Geordie Raises $30 Million for AI Security and Governance Platform

/in

The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures.

The post Geordie Raises $30 Million for AI Security and Governance Platform appeared first on SecurityWeek.

SecurityWeek – ​Read More