Category: Uncategorized

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign Summary Security researchers (Socket) have uncovered 175 malicious npm packages that together have been downloaded about 26,000 times…

CL0P-Linked Hackers Breach Dozens of Organisations Through Oracle Software Flaw Summary Google’s Threat Intelligence Group (GTIG) and Mandiant report that dozens of organisations were likely impacted by a coordinated exploitation…

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps Summary Security researchers have uncovered a rapidly evolving Android spyware campaign dubbed “ClayRat” that targets users (notably in…

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Summary Researchers at McAfee Labs have uncovered a campaign in which the Astaroth banking trojan uses GitHub repositories as a…

Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain Summary Cybersecurity researchers at Proofpoint have detailed activity by a previously undocumented threat actor they call TA585, which has been distributing…

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk Summary This article warns that the biggest blind spot for online retailers ahead of the 2025 holiday season is unmonitored JavaScript…

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors Summary Security researchers have observed the RondoDox malware campaign expanding into a broad, automated exploitation operation that weaponises…

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor Summary Microsoft has tightened how Internet Explorer (IE) mode is launched inside Edge after receiving credible reports that…

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels Summary Punchy author note: This is urgent if you build, run or vet open-source packages — malicious libraries…