Latest news as of 7/18/2025, 2:26:57 AM
The Hacker News
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,
The Register
If 40 years of faulty building gets blown down, don’t rebuild with the rubble. When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt, and news flows out. Salt Typhoon is no different.… (Opinion)
The Register
More evidence of Beijing’s liking for grey zone warfare, or a murky claim with odd African entanglements? Taiwanese authorities have asserted that a China-linked ship entered its waters and damaged a submarine cable.…
The Register
PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more. Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security operations center without incident - unlike Volkswagen, which last week admitted it exposed data describing journeys made by some of its electric vehicles, plus info about the vehicle’s owners.… (Infosec in Brief)
Bleeping Computer
Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...]
Bleeping Computer
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...]
Bleeping Computer
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. [...]
Bleeping Computer
A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia's app market for mobile devices. [...]
Bleeping Computer
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...]
Bleeping Computer
A new vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...]