Cybercrime
-
Supply Chain Attack Targets Popular npm Packages with Malware Injection
A supply chain attack has compromised several popular npm packages, with researchers warning that malicious code injected through phishing campaigns could exploit maintainers’ credentials, leading to potential remote code execution.
-
Active Exploitation Campaign Targets Microsoft SharePoint Zero-Day Flaw
A critical vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770, is currently being exploited in a large-scale attack campaign, allowing unauthorized remote code execution. Organizations are urged to implement immediate protective measures.
-
Malware-as-a-Service Campaign Exploits GitHub for Distribution
Cisco’s Talos security team has exposed a malware-as-a-service operation utilizing GitHub for malicious software distribution, raising concerns over cybersecurity in enterprise environments.
-
Massive Data Breach Exposes Sensitive Records of Texas Adoption Agency
A data breach at the Gladney Center for Adoption has exposed sensitive information of over 1.1 million individuals, prompting concerns over privacy and data security practices in organizations handling personal information.
-
TeleMessage SGNL Exposes Sensitive Data Due to Endpoint Misconfiguration
TeleMessage SGNL, a messaging application used by U.S. agencies, has been found exposing sensitive data due to outdated configurations. Cybersecurity experts are urging immediate action to address the vulnerabilities.
-
Chinese Cyber Espionage Campaign Targets Taiwanese Semiconductor Industry
Recent spear-phishing campaigns linked to Chinese state-sponsored groups are targeting Taiwan’s semiconductor industry, emphasizing the vital role of cybersecurity in this critical sector amidst escalating geopolitical tensions.
-
Chinese Hackers Breach U.S. National Guard Network, Compromise Sensitive Data
The Chinese hacking group Salt Typhoon has breached a U.S. Army National Guard network, compromising sensitive data and raising alarms over national cybersecurity.
-
Cybersecurity Researchers Uncover Advanced Matanbuchus 3.0 Malware Targeting Microsoft Teams
Cybersecurity experts have identified a new variant of the Matanbuchus malware that exploits Microsoft Teams. This advanced loader has sophisticated stealth capabilities, enhancing its potential for evading detection and targeting company employees through social engineering tactics.
-
Google Issues Critical Update for Chrome to Address Exploited Security Flaw
Google has released a critical update for its Chrome browser, addressing a high-severity zero-day vulnerability that could allow remote attackers to escape the browser’s sandbox. This update comes on the heels of multiple exploited vulnerabilities earlier this year, underlining the importance of regular browser updates.
-
Operation Eastwood Dismantles Pro-Russian Cybercrime Network NoName057(16)
Operation Eastwood has effectively disrupted the operations of the pro-Russian hacktivist group NoName057(16), conducting extensive law enforcement activities across 12 countries, despite challenges posed by the group’s core members being located in Russia.
