Fake npm Website Used to Push Malware via Stolen Token
Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier.
Hack Read
Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now
Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers…
GameForge AI Hackathon 2025: Building the Bridge Between Natural Language and Game Creation
A 72-hour sprint that produced working solutions for one of game development's hardest problems: making it accessible to non-programmers.
New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia
Kaspersky's SecureList reveals GhostContainer, a new, highly customized backdoor targeting government and high-tech organizations in Asia via Exchange server vulnerabilities. Learn how this APT malware operates and how to stay protected.
SquidLoader Malware Campaign Hits Hong Kong Financial Firms
Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia's financial service institutions. Learn about its advanced evasion tactics and stealthy attacks.
Chinese Groups Launder $580M in India Using Fake Apps and Mule Accounts
CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about…
PoisonSeed Tricking Users Into Bypassing FIDO Keys With QR Codes
PoisonSeed group tricks users into bypassing FIDO Keys by misusing QR code logins, highlighting new social engineering risk to secure MFA.
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware
Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection.
New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Hackers are exploiting a new TeleMessage SGNL flaw that exposes sensitive data. CISA warns agencies to patch or stop using it by July 22.
Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password.
Police Shut Down 100 Servers Tied to Russian NoName057(16), Arrest 2
In an operation called Eastwood, authorities arrested two people and shut down more than 100 servers linked to the Russian group NoName057(16).
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine
Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025.
Chinese Salt Typhoon Infiltrated US National Guard Network for Months
A Department of Homeland Security memo confirms Chinese group Salt Typhoon, extensively compromised a US National Guard network for nearly a year, stealing sensitive military and law enforcement data.
How Secure Is Online Fax: Privacy and Data Protection Standards
When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is…
BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide
BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.
UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients
Episource breach exposed data of 5.4M patients across the US. Linked to UnitedHealth’s Optum, the health tech firm was hit by a ransomware attack in early 2025.
Data-Driven Marketing in 2025: Navigating Risks, Ethics and Compliance Management
The modern marketing stack and every effective marketing platform runs on data. From ad campaigns to user journeys,…
Cut Response Time with This Free, Powerful Threat Intelligence Service
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Ex US Soldier Cameron Wagenius Guilty in Telecom Hacking and Extortion
Former US Army soldier Cameron Wagenius pleads guilty to hacking telecom companies and extorting $1 million+ using cybercrime forums like BreachForums and XSS.
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users.
