News
-
Git dependencies can bypass npm ignore-scripts protections, researchers find
Koi Security found that Git dependencies can circumvent npm’s --ignore-scripts protection and allow code execution. Several JavaScript package managers patched the flaws, but npm closed the report and did not apply a fix.
-
Konni uses AI-generated PowerShell malware to target blockchain developers
Konni used AI-generated PowerShell malware to target blockchain developers in Japan, Australia and India, using spear-phishing with LNK files and multi-stage loaders to deploy a persistent backdoor, according to a Check Point Research technical report.
-
Google expands Personal Intelligence into AI Mode in Search
A product blog from Google announced Personal Intelligence will expand into AI Mode in Search, letting AI Pro and AI Ultra subscribers opt in to link Gmail and Photos for tailored results as a Labs experiment starting today.
-
Entra ID to auto-enable passkey profiles and add synced passkeys from March 2026
Starting March 2026, Entra ID will automatically enable passkey profiles and add support for synced passkeys. A Microsoft message center announcement outlines a staged rollout with opt-in and automatic migration and a new passkeyType profile setting.
-
AWS Payment Cryptography passes PCI PIN audit with zero findings
AWS published an updated PCI PIN compliance package for AWS Payment Cryptography. A PCI PIN Attestation of Compliance shows validation by a QSA with zero findings and a Responsibility Summary clarifies customer obligations.
-
Multi-stage phishing campaign in Russia delivers Amnesia RAT and ransomware via GitHub and Dropbox
A multi-stage phishing campaign observed in Russia delivers Amnesia RAT and Hakuna Matata ransomware. The chain uses GitHub and Dropbox for payload staging and disables Defender before stealing data and encrypting files.
-
Sandworm used DynoWiper in failed cyber attack on Poland power system
An ESET technical analysis said Sandworm used a new wiper called DynoWiper in an unsuccessful attack on Poland’s power system on December 29 and 30, 2025. Targets included CHP plants and a renewable generation management system.
-
Malicious VSCode extensions with 1.5 million installs exfiltrate developer data
Two malicious Visual Studio Code extensions installed about 1.5 million times read and transmit open files and workspace data to China-based servers, a technical analysis by Koi Security reports.
-
CISA adds four vulnerabilities to KEV catalog and sets federal patch deadline
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on January 22, 2026, citing active exploitation. Federal agencies must apply fixes by February 12, 2026 under BOD 22-01 to secure networks.
-
Phishing campaign leverages stolen credentials to deploy legitimate RMM for persistent access
Researchers reported a dual-wave phishing campaign that harvests Outlook, Yahoo and AOL credentials to register with LogMeIn and deploy LogMeIn Resolve via a signed executable named GreenVelopeCard.exe to maintain persistent remote access.









