SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
HealthcareInfoSecurity

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
CSO Online

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...
Security Boulevard

500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise

When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

‘Doing the best to survive’: One year on, healing remains elusive for Lapu Lapu victims

There have been divisions and rival proposals about where to build a Filipino community centre and some have denounced the ...

Trump denies being 'under pressure' to make Iran deal ahead of ceasefire deadline

The next phase of peace talks is uncertain after Iran says it has "no plans for the next round" of negotiations.

US envoys Steve Witkoff and Jared Kushner to fly to Pakistan for Iran talks, White House says

Trump's two special envoys will head to Islamabad on Saturday morning to continue negotiations, Press Secretary Karoline ...

How Telus helped Toronto police crack ‘SMS Blaster’ scam-text operation

Police say it’s the first time the portable devices used to mimic cellphone towers have been detected in Canada ...