WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
New Scientist

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...

iPhone users in South Africa a prime target

Phone users in South Africa have become potentially lucrative targets to cybercriminals using a new attack called “DarkSword.

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and ...
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto ...
The Hacker News

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat ...