News
-
RatOn Android malware evolves into ATS-enabled remote access trojan, ThreatFabric says
ThreatFabric reports that RatOn has evolved from NFC relay attacks into an ATS-enabled Android remote access trojan capable of automated cryptocurrency transfers, overlay ransomware-style screens, and NFC relay via NFSkate, with initial activity centered in the Czech Republic, and Slovakia likely to follow.
-
18 npm Packages Published With Malware That Rewrites Crypto Destinations
Aikido Security reported that attackers pushed malicious updates to 18 npm packages on Sept. 8 that inject browser hooks to intercept and rewrite crypto transaction destinations; the company said maintainers were targeted via phishing and listed indicators including specific compromised package versions.
-
Netskope seeks up to $6.5 billion valuation in U.S. IPO
Netskope said it is seeking up to a $6.5 billion valuation in a U.S. IPO, proposing to sell 47.8 million shares at $15–$17 to raise up to $813 million; it plans to list on Nasdaq under the symbol NTSK with Morgan Stanley and J.P. Morgan as lead underwriters.
-
Plex urges password resets after data breach; authentication data exposed
Plex disclosed a data breach that exposed a subset of customer data, including emails, usernames, and securely hashed passwords. The company urged users to reset their passwords, sign out of devices, and enable two-factor authentication, noting that no payment card data was affected.
-
GhostAction: GitHub supply-chain attack exposes 3,325 secrets across hundreds of repositories
Researchers say a GitHub supply-chain campaign named GhostAction stole about 3,325 secrets, spanning PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys, by compromising maintainer accounts to inject malicious GitHub Actions workflows that exfiltrate secrets to an attacker-controlled endpoint.
-
Lovesac confirms data breach after ransomware attack; notices indicate data exposure and recovery steps
Lovesac disclosed a data breach after a March 2025 ransomware intrusion, exposing personal data of an undisclosed number of individuals. The company discovered the breach on Feb. 28, 2025, and offered 24-month credit monitoring through Experian while noting no current evidence of misuse. A Vermont AG notice and a GlobeNewswire release provide context on the…
-
Qantas cuts executive bonuses by 15% after data breach
Qantas cut senior executive short-term bonuses by 15% after a late-June data breach that exposed millions of customers, reducing CEO Vanessa Hudson’s bonus by A$250,000 and five other executives’ bonuses by a combined A$550,000 while noting overall executive pay rose and the airline posted an A$2.4 billion underlying pre-tax profit.
-
Wealthsimple reports data breach affecting under 1% of customers; breach tied to third‑party software in suspected supply‑chain attack
Wealthsimple disclosed a data breach affecting less than 1% of its customers, with attackers accessing personal data but not funds or passwords. The breach is linked to a compromised third-party software package and is being treated as part of a broader Salesloft supply-chain attack. The firm is offering two years of free credit monitoring and…
-
VirusTotal flags 44 undetected SVGs in Colombian phishing campaign; hundreds of SVGs detected in the wild
VirusTotal has flagged a new malware campaign using 44 undetected SVG files in phishing that impersonates Colombia’s Fiscalía General de la Nación, injecting a Base64-encoded HTML page and triggering a hidden ZIP download. Overall SVG detections in the wild have reached 523, with earliest samples dating to August 14, 2025.










