Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them

Chainguard will use AI to protect open-source code. Athena pools open-source users, developers, and maintainers. Others are ...
Indiatimes

What is DarkSword? The latest malware that could hit iPhones above THIS version and how to stay protected from it?

A new iOS exploit kit named DarkSword is targeting millions of unpatched iPhones by compromising websites, stealing sensitive data without leaving traces. This powerful tool exploits six iOS ...
The Himalayan Times

India says it is closely monitoring recent development amid Gen Z protests

The Ministry of External Affairs of India said it is closely monitoring developments in Nepal following widespread protests by Gen Z groups against corruption, which have resulted in multiple ...
CSOonline

North Korean cyberspies trick developers into installing malware with fake job interviews

Once accepted, the attackers tell developers to download a Node.js project as part of a practical test. The trojanized project on launch deploys a RAT and infostealer malware targeting all major OS ...
VN Express

Number of malware victims skyrockets: Kaspersky

Some 31,000 employees’ accounts were compromised by malware in Vietnam last year, a 31-fold jump from 2020, according to Russian cybersecurity firm Kaspersky. The data was contained in a report ...
Cloud Security Alliance

Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services

FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. FBot does ...