India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM […]
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which […]
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions […]
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis […]
Newly discovered malicious extensions could be lurking in enterprise browsers
A sprawling surveillance campaign targeting Google Chrome and Microsoft Edge users is just the latest evolution of a seven-year-long project to distribute malicious browser extensions. […]
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software […]
Ukrainian Hackers Target Russian Aerospace and Defense Sectors
Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by […]
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw […]
Early Indicators of Insider Threats Through Authentication and Access Controls
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, […]
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken […]