New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Axios on MSN

Faster attacks, quicker exploits: Early testers of new AI models warn of their new abilities

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...