Malicious packages sneaked into NPM repository stole Discord tokens
People's trust in repositories makes them the perfect vectors for malware. Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spr.....»»
Vulnerability in Telegram app for Android allows sending malicious files disguised as videos
ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit appears on Telegram (source:.....»»
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazo.....»»
Appgate launches Malware Analysis Service to safeguard enterprises and government agencies
Appgate has unveiled its new Malware Analysis Service that mitigates cyberthreats for enterprises and government agencies by identifying and neutralizing malicious software. Appgate’s Malware Analysis and Research Team now offers two new services t.....»»
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01 infor.....»»
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice
Files available on the open source NPM repository underscore a growing sophistication. Researchers have determined that two fake AWS packages downloaded hundreds o.....»»
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have sto.....»»
Exim vulnerability affecting 1.5M servers lets attackers attach malicious files
Based on past attacks, it wouldn’t be surprising to see active targeting this time, too. More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts,.....»»
Hackers stole call, text records of “nearly all” of AT&T’s cellular customers
Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the c.....»»
Exim vulnerability affecting 1.5 million servers lets attackers attach malicious files
Based on past attacks, it wouldn’t be surprising to see active targeting this time too. More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, s.....»»
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it
The goal of the exploits was to open Explorer and trick targets into running malicious code. Threat actors carried out zero-day attacks that targeted Windows users with malware for more tha.....»»
Team investigates chemical modifications to gain deeper insights into genetic regulation mechanisms
University of North Carolina at Chapel Hill researchers have determined whether a specific chemical modification of a protein that packages the genome called a histone affects gene activity and cell proliferation, according to the paper, "Drosophila.....»»
Researchers discover a new form of scientific fraud: Uncovering "sneaked references"
A researcher working alone—apart from the world and the rest of the wider scientific community—is a classic yet misguided image. Research is, in reality, built on continuous exchange within the scientific community: First you understand the work.....»»
Careful, that jQuery package could be loaded with Trojans
Researchers found dozens of fake jQuery packages, carrying dangerous malware......»»
OpenAI never disclosed that hackers cracked its internal messaging system
A hacker infiltrated OpenAI's internal messaging system last year and stole details about the company's AI designs......»»
NordVPN File Checker protects users from infected files
NordVPN launches its third experimental product from the NordLabs platform. File Checker is an online tool that scans different types of files for malware and viruses. It helps to prevent malicious code from invading users’ devices through infected or.....»»
Vulnerabilities found in Swift repository left millions of iPhone apps exposed
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched. CocoaPods leave millions of iOS and macOS apps vulnera.....»»
Snowflake denies breach, blames data theft on poorly secured customer accounts
Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. “We are aware of recent reports rela.....»»
Fossil places extinct saber-toothed cat on Texas coast
Important scientific finds don't always come in the biggest, buzziest packages. Sometimes new discoveries come in little ugly rocks. Such is the case of a 6-centimeter-wide, nondescript mass of bone and teeth that helped a scientist at The University.....»»
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has be.....»»
Support for more smart home accessories arriving in iOS 17.6
Apple looks to support several new smart home accessories with the upcoming iOS 17.6 update, according to a public code repository. The revelation comes by way of the implementation source code for Matter,.....»»