New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

/in

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware.
The malware, introduced via a change to “lib/commonjs/index.js,” allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1

The Hacker News – ​Read More

Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025

/in

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
“Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack,” Positive Technologies security researcher

The Hacker News – ​Read More

Trump administration takes aim at Biden and Obama cybersecurity rules

/in

In a White House fact sheet, the administration claims that Biden’s Executive Order 14144 — signed days before the end of his presidency — was an attempt “to sneak problematic and distracting issues into cybersecurity policy.”

Security News | TechCrunch – ​Read More

Over 20 Malicious Apps on Google Play Target Users for Seed Phrases

/in

Over 20 malicious apps on Google Play are stealing crypto seed phrases by posing as trusted wallets and exchanges, putting users’ funds at risk.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

/in

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.

Security Latest – ​Read More

After its data was wiped, KiranaPro’s co-founder cannot rule out an external hack

/in

Exclusive: The company’s co-founder and CTO blame a former employee for a breach, but cannot rule out that it wasn’t.

Security News | TechCrunch – ​Read More

Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist

/in

A parliamentary investigation answered some — but not all — the questions related to a spyware scandal involving the use of the Israeli company’s spyware, Graphite.

Security News | TechCrunch – ​Read More

Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward

/in

Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.

darkreading – ​Read More

Anthropic appoints a national security expert to its governing trust

/in

Anthropic’s long-term benefit trust is a governance mechanism that Anthropic claims helps it promote safety over profit, and which has the power to elect some of the company’s board of directors.

Security News | TechCrunch – ​Read More

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

/in

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.

Security Latest – ​Read More