Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.
Morning Overview on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web ...
CSO Online

ServiceNow fixes API issue after reports of suspicious tenant activity

ServiceNow says security researchers were behind activity linked to a newly patched authentication flaw, but the company ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Dark Reading

Attackers Use AI to Automate EDR Evasion Testing

Sophos X-Ops analysts published research this week concerning an unidentified threat actor using AI technology to develop endpoint detection and response (EDR) evasion tactics through the lens of what ...
The Sun

The Script fans convinced member has left for good as he shares cryptic post ahead of group’s new music

POP-ROCKERS The Script have riled up their long-term fans ahead of releasing brand new music. The group have frustrated supporters by not addressing missing band-member Glen Power amid the release of ...
New Republic

DOJ Tries to Unmask Reddit and X Users Who Criticized ICE

The Justice Department is trying to obtain the names, addresses, financial data, and other personal information of Reddit and X users who criticize ICE’s violent immigration tactics. Bloomberg ...
National Post

AI-generated antisemitism is exploding online and social platforms are struggling to stop it: report

A new study from CyberWell identified 307 posts that drew 30 million views across five major platforms over 13 months You can save this article by registering for free here. Or sign-in if you have an ...
The Washington Post

Ozempic may be reshaping the brain, scientists say

Ozempic was supposed to be a gut story. Then Allison Shapiro looked at the brain scans. An assistant professor at the University of Colorado Anschutz, she was part of a team studying 13 teens and ...