New Scientist

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
The Hacker News

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft warns tax-season phishing hit 29,000 users via IRS lures, enabling credential theft and RMM-based access.
The Hacker News

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical ...