Security & IT News

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. [...]

UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed

French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms.

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]

Sean Plankey has requested to withdraw his name to run the U.S. cybersecurity agency after a tumultuous year of chaotic temporary leadership.

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]

The app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April.

Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket. "The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in 'bw1.js,' a file included in the package contents," the application security company said. "The attack appears to have leveraged

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work

The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade detection and disguise their malicious activity. [...]

div class="SCXW131754345 BCX8" div class="OutlineElement Ltr SCXW131754345 BCX8" h2 a class="c-button c-button--on-dark" href="https://urldefense.us/v3/__https://www.ncsc.gov.uk/news/defending-against-china-nexus-covert-networks-of-compromised-devices__;!!BClRuOV5cvtbuNI!Cvg8stIR3jHWVZgHhCVvEwbwDXxXIRSprOQ9JtY2YKwxUIGVovuDAu7QrFsfw3sfAVd8-gxEMIpgldwlY-jTD7G0%24" Defending against china-nexus covert networks of compromised devices /a /h2 h2 a class="c-button c-button--on-dark" href="https://urldefense.us/v3/__https://www.ncsc.gov.uk/news/executive-summary-defending-against-china-nexus-covert-networks-of-compromised-devices__;!!BClRuOV5cvtbuNI!Cvg8stIR3jHWVZgHhCVvEwbwDXxXIRSprOQ9JtY2YKwxUIGVovuDAu7QrFsfw3sfAVd8-gxEMIpgldwlYzP90Ign%24" executive summary /a /h2 h2 strong Defending against China-nexus covert networks of compromised devices nbsp; /strong /h2 p Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it nbsp; /p h3 strong Summary /strong /h3 p With support from the UK a href="https://www.ncsc.gov.uk/information/cyber-league" target="_blank" u Cyber League /u /a , this advisory has been jointly released by the National Cyber Security Centre (NCSC-UK) and international partners: nbsp; /p ul li Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) /li li Communications Security Establishment Canada’s (CSE’s) Canadian Centre for Cyber Security (Cyber Centre) /li li Germany Federal Office for the Protection of the Constitution - nbsp; nbsp; Bundesamt für Verfassungsschutz (BfV) /li li Germany Federal Intelligence Service – Bundesnachrichtendienst (BND) /li li Germany Federal Office for Information Security - Bundesamt für Sicherheit in der Informationstechnik (BSI) /li li Japan National Cybersecurity Office (NCO) - 国家サイバー統括室 /li li Netherlands General Intelligence and Security Service - Algemene Inlichtingen- en Veiligheidsdienst (AIVD) /li li Netherlands Defence Intelligence and Security Service - Militaire Inlichtingen- en Veiligheidsdienst (MIVD) /li li New Zealand National Cyber Security Centre (NCSC-NZ) /li li Spain National Cryptologic Centre – Centro Criptológico Nacional (CCN) /li li Sweden National Cyber Security Centre - Nationellt cybersäkerhetscenter (NCSC-SE) /li li United States Cybersecurity and Infrastructure Security Agency (CISA) /li li United States Department of Defense Cyber Crime Center (DC3) /li li United States Federal Bureau of Investigation (FBI) /li li United States National Security Agency (NSA) nbsp; /li /ul p Its purpose is to provide network defenders with the tools needed to defend against China-nexus cyber actors and their tactic of using large scale networks of compromised devices (covert networks) to route their cyber activity. nbsp; /p h3 strong Introduction nbsp; nbsp; /strong /h3 p Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) use

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.

Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests to the Vercel network and environment

The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens.

Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems.

Compare Broadcom TDM and K2view across architecture, integration, masking, and scalability to find the right test data management solution for your needs.

The cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected.

Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported.