Latest news as of 6/8/2025, 5:03:32 PM
Bleeping Computer
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...]
The Hacker News
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
The Register
Interview: Security, not model performance, is what's stalling adoption. Before AI becomes commonplace in enterprises, corporate leaders have to commit to an ongoing security testing regime tuned to the nuances of AI models.
The Hacker News
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
Bleeping Computer
Two malicious packages have been discovered in the npm JavaScript package index that masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
Bleeping Computer
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]
Have I Been Pwned
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
Dark Reading
During "CISO: The Worst Job I Ever Wanted," several chief information security officers (CISOs) tell their stories and reveal how difficult it is to be in a role that's still undefined despite being around for decades.
Dark Reading
Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.
The Register
OpenAI boots accounts linked to 10 malicious campaigns. Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report.