Latest news as of 11/19/2025, 9:47:41 PM
Bleeping Computer
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. [...]
The Register
Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors.…
Bleeping Computer
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. [...]
The Register
Reeves points finger at Moscow in interview when authorities reckon it's local lads UK chancellor Rachel Reeves is blaming Moscow for Britain's latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.…
The Hacker News
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
The Hacker News
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "
The Register
Names, emails unplugged in DCS support snafu – but 'billing is safe' An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security "incident" at a service provider.…
Bleeping Computer
The disruptions over the weekend at several major European airports were caused by a ransomware attack targeting the check-in and boarding systems. [...]
Dark Reading
"Nimbus Manticore" is back at it, this time with improved variants of its flagship malware and targets that are outside its usual focus area.
Dark Reading
Zero Trust could help organizations fight back against attackers who use artificial intelligence, but new threats will require the architecture to evolve.