Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts...
Hacking
Category Added in a WPeMatico Campaign
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a...
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it...
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Dec 02, 2025Ravie LakshmananMobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including...
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
Dec 01, 2025Ravie LakshmananSurveillance / National Security India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a...
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Dec 01, 2025Ravie LakshmananHacking News / Cybersecurity Hackers aren't kicking down the door anymore. They just use the same tools...
Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security...
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of...
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
Dec 01, 2025Ravie LakshmananMalware / Threat Intelligence The threat actor known as Tomiris has been attributed to attacks targeting foreign...
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Nov 30, 2025Ravie LakshmananHacktivism / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities...
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave...
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
Nov 28, 2025Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued...
Why Organizations Are Turning to RPAM
Nov 28, 2025The Hacker NewsEnterprise Security / Threat Detection As IT environments become increasingly distributed and organizations adopt hybrid and...
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Nov 28, 2025Ravie LakshmananEmail Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows...
