Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension… Read More »Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and… Read More »GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered… Read More »Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that… Read More »Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track… Read More »SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of… Read More »Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off… Read More »ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
India’s telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report… Read More »India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and… Read More »⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome,… Read More »Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams