Ax Sharma (@ax_sharma) 's Twitter Profile
Ax Sharma

@ax_sharma

Infosec Researcher, Journalist | 📰 Bylines + seen on 📸 BBC, BleepingComputer, Channel 5, TechCrunch, WIRED | 🦋 Bluesky: axsharma.com | ✉️ [email protected]

ID: 720302090296238080

Link: http://axsharma.com | Joined: 13-04-2016 17:26:15

3,3K Tweet

5,5K Followers

1,1K Following

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

One wrong click, on the maintainer's part, could put millions at risk. Hijacking legitimate libraries has become a recurring attack vector in recent times, given both the fragility of and the trust that the open-source ecosystem operates on. bleepingcomputer.com/news/security/…

Malware Utkonos (@malwareutkonos) 's Twitter Profile Photo

Ax Sharma got-fetch also contains a malicious DLL of the same malware family called "crashreporter.dll" 30295311d6289310f234bfff3d5c7c16fd5766ceb49dcb0be8bc33c8426f6dc4 secure.software/npm/packages/g…

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

Gathering threat intel, unmasking perps behind cyber attacks and bringing down entire ransomware gangs are just some of the ways the dark web is used by defenders. csoonline.com/article/401776…

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

ExpressVPN bug leaked user IPs in Remote Desktop sessions - Bill Toulas bleepingcomputer.com/news/security/…

Sam Stepanyan (@securestep9) 's Twitter Profile Photo

#NPM package 'is' with 2.8M weekly downloads was compromised and infected developers with malware: #AppSec #SoftwareSupplyChainSecurity 👇 bleepingcomputer.com/news/security/…

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

Hacker sneaks infostealer malware into early access Steam game - Bill Toulas bleepingcomputer.com/news/security/…

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

National Bank of Canada online systems down due to 'technical issue' - Ax Sharma bleepingcomputer.com/news/technolog…

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

Hackers leak Allianz Life data stolen in Salesforce attacks - Lawrence Abrams bleepingcomputer.com/news/security/…

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

Booking[.]com phishing campaign uses sneaky 'ん' character, which can look like '/~' in some fonts, to trick you and deliver #malware. Another homoglyph attack revealed by JAMESWT. bleepingcomputer.com/news/security/…

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

Self-propagating supply chain attack on 187 npm projects also hit CrowdStrike's namespace. Statement from CrowdStrike 👇 bleepingcomputer.com/news/security/…

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

We’ve seen QR codes in scams before, but those relied on people scanning them. Socket's new find is scarier: malware using QR codes to talk to its C2 server — traffic that to security tools looks like harmless image exchanges. bleepingcomputer.com/news/security/…

The Hacker News (@thehackersnews) 's Twitter Profile Photo

🚨 WARNING: Cisco VPN gear under active attack! Two zero-days (CVE-2025-20333, CVSS 9.9 & CVE-2025-20362) let hackers gain root access and bypass auth. CISA issued an emergency directive—federal agencies have 24 hrs to patch. Details → thehackernews.com/2025/09/urgent…

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

World's "largest supply chain attack" this month... and just 5 cents stolen?! 🤔 I needed to dig deeper into this contradiction—all hype or something you need to take seriously? youtu.be/wkZj87CR404 #npm #opensource

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

TLDR: Claim your dollar, beware of phishing attempts. And, lawyers be getting rich. bleepingcomputer.com/news/security/…

The Hacker News (@thehackersnews) 's Twitter Profile Photo

Hackers just turned GitHub into their command center. When police take down their servers, the malware just… reboots itself from GitHub. The twist? It hides configs inside images using steganography. This isn’t a glitch — it’s resilience by design. Read how it works →

Ax Sharma (@ax_sharma) 's Twitter Profile Photo

FuzzingLabs has accused Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. Gecko denies wrongdoing. bleepingcomputer.com/news/security/…

mRr3b00t (@uk_daniel_card) 's Twitter Profile Photo

wow..... you have to be pwn3d really hard to have attestation letters to show you 'aren't totally compromised' etc. (this is linked from the F5 press release thing so it's clearly PUBLIC despite being marked otherwise)
