US cargo tech company publicly exposed its shipping systems and customer data to the web

Shipping tech company Bluspark left internal plaintext passwords, including those of executives, exposed to the internet, at ...
CSO Online

Malicious npm packages target the n8n automation platform in a supply chain attack

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...

Never-before-seen Linux malware is “far more advanced than typical”

Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that ...
Dark Reading

2 Separate Campaigns Probe Corporate LLMs for Secrets

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding ...

Daily on Energy: Happy Birthday Maydeen, narrowing the Clean Water Act, and some emissions news

Good afternoon and happy Tuesday, readers! Please join us in wishing Maydeen a very Happy Birthday! 🎂🎉🥳 It’s a busy week ...

900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats

OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive ...
Dark Reading

Scattered Lapsus$ Hunters Snared in Cyber Researcher Honeypot

Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.

Google Goes All In on Vertical AI Videos With Veo 3.1's New Feature

Google Veo 3.1 now turns portrait images into native vertical AI videos, adds 1080p and 4K upscaling, and improves AI ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
The Escapist

Hytale’s latest blogpost reveals details on world generation and modding

Hypixel's latest blog post reveals info on Hytale's world generation and mod support as it closes in on its Early Access ...

NordVPN Says Leak Involved Dummy Test Data

NordVPN has denied claims that hackers breached its internal Salesforce development servers, saying recently leaked data came ...
Infosecurity Magazine

Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers

A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers ...