For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
The Hacker News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
coinspeaker

Polymarket Smart Contract Breached: Will POL USD Crash?

Polygon’s reputation as a reliable DeFi settlement layer is under renewed scrutiny after on-chain investigator ZachXBT flagged an apparent exploit of the Polymarket UMA CTF Adapter contract, the ...
CoinDesk

ZachXBT flags $520K Polymarket exploit on Polygon, team says funds are safe

Blockchain investigator ZachXBT has highlighted a suspected security breach involving Polymarket, the world’s largest decentralized prediction market platform. Over $520,000 was reportedly drained ...
CoinTelegraph

THORChain exploit tied to malicious node and GG20 flaw

The $10.7 million THORChain exploit was caused by a GG20 vulnerability, which allowed a malicious node to reconstruct a full private key to one of its vaults. THORChain said a malicious node operator ...
NewsNation

Cartels rely on trains to run multibillion-dollar human smuggling rings

Mexican cartels and operatives known as “coyotes” were making at least $13 billion every year by 2021, according to The New York Times, which reported in 2022 that more than 5,000 people were arrested ...
Dark Reading

Content Delivery Exploit Opens Websites to Brand Hijacking

Researchers are sounding the alarm on a class of exploit inherent in Internet infrastructure itself for which there is no simple fix and nearly half of all websites globally are at risk. Conceptually, ...
NBC Los Angeles

Norwalk man accused of posing as teen to exploit minors on Snapchat

A Norwalk man has been charged in a 22-count federal indictment alleging he posed as a teenager on Snapchat to coerce minors across the country into producing and sending child sexual abuse material, ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
Bleeping Computer

Exploit released for new PinTheft Arch Linux root escalation flaw

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub ...