account security
-
Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
-
Apple says devices targeted by mercenary spyware in new wave of attacks, CERT-FR reports
France’s CERT-FR says Apple devices were targeted in a new wave of mercenary spyware attacks, issuing four threat notifications this year and noting that some campaigns exploit zero-day flaws while others require no user interaction.
-
18 npm Packages Published With Malware That Rewrites Crypto Destinations
Aikido Security reported that attackers pushed malicious updates to 18 npm packages on Sept. 8 that inject browser hooks to intercept and rewrite crypto transaction destinations; the company said maintainers were targeted via phishing and listed indicators including specific compromised package versions.
-
Source-code leak exposes ERMAC Android banking trojan infrastructure, researchers say
The ERMAC Android banking trojan v3 source code was leaked online, exposing its backend, panel, and exfiltration infrastructure and signaling an expanded targeting scope of over 700 apps, along with notable operational security lapses that could invite further risk from other threat actors.
-
PipeMagic backdoor used in RansomExx attacks tied to patched Windows vulnerability CVE-2025-29824
Security researchers say the PipeMagic backdoor, used in RansomExx attacks, exploits a patched Windows vulnerability (CVE-2025-29824) and leverages a modular loader to deploy additional payloads, with activity spanning Saudi Arabia, Brazil and beyond.
-
Mozilla Alerts Developers to Phishing Threats Targeting Add-On Accounts
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its AMO repository, urging them to exercise caution and verify the authenticity of emails claiming to be from the organization.
-
ExpressVPN Resolves Critical IP Leak Issue Affecting Remote Desktop Users
ExpressVPN has resolved a critical security flaw that exposed users’ IP addresses during Remote Desktop Protocol sessions, following insights from a bug bounty program. Affected users are encouraged to update their software for enhanced privacy.
-
Google Issues Critical Update for Chrome to Address Exploited Security Flaw
Google has released a critical update for its Chrome browser, addressing a high-severity zero-day vulnerability that could allow remote attackers to escape the browser’s sandbox. This update comes on the heels of multiple exploited vulnerabilities earlier this year, underlining the importance of regular browser updates.
-
Security Flaw in Forminator Plugin Puts Over 600,000 WordPress Sites at Risk
The Forminator plugin for WordPress, used on over 600,000 sites, has a high-severity vulnerability (CVE-2025-6463) that could allow attackers to execute arbitrary file deletions, potentially leading to complete site takeovers. Users are urged to update to the latest version or disable the plugin immediately to avoid exploitation.
-
Security Researchers Warn of Bluetooth Vulnerabilities in Popular Headphones
Security researchers have identified vulnerabilities in Airoha’s Bluetooth products, putting a wide range of earbuds and headphones at risk of unauthorized access and control. Airoha has provided fixes, but manufacturers must implement updates to secure their devices.
