Latest news as of 6/7/2025, 9:13:19 PM
Bleeping Computer
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
Bleeping Computer
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]
Have I Been Pwned
In June 2022, . The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords. the Japanese record chain store Disk Union suffered a data breach
Dark Reading
During "CISO: The Worst Job I Ever Wanted," several chief information security officers (CISOs) tell their stories and reveal how difficult it is to be in a role that's still undefined despite being around for decades.
Dark Reading
Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.
The Register
OpenAI boots accounts linked to 10 malicious campaigns Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report.…
Dark Reading
Agentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform.
The Hacker News
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a
Bleeping Computer
Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...]
Dark Reading
Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.