The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
Security & IT News
Live: Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control.
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
The app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April.
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. [...]
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket. "The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in 'bw1.js,' a file included in the package contents," the application security company said. "The attack appears to have leveraged
Wade Woolwine is Senior Director, Product Security at Rapid7.

The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, which has naturally caught the attention of security leaders. In my conversations with teams and customers, the more useful discussion has been about what that speed means in practice for business protection, especially across open source risk, dependency choices, and software supply chain resilience.

The deeper issue for security leaders sits elsewhere. Software risk is becoming harder to manage across the full lifecycle, especially in open source dependencies, build pipelines, developer environments, and the operational processes that sit between disclosure and remediation. When vulnerabilities can be found faster and at greater depth, security teams need more than another source of findings. They need a stronger way to understand what they run, what they trust, what they can patch quickly, and where a single weak dependency can create disproportionate risk.

Faster discovery makes software supply chain resilience a more immediate leadership issue. CISOs need a clearer view of how dependencies are chosen, monitored, validated, and governed across production, build, and developer environments, especially as open source remains essential to modern software development. Organizations already struggle to absorb vulnerability disclosures at the pace they are coming in, because when discovery gets faster, the operational gap widens between knowing there is a problem and being able to do something useful about it. That gap is especially serious in the software supply chain, where a single dependency can introduce risk into build systems, production workloads, developer endpoints, and the tools used to secure them.

This is why I would frame AI-driven vulnerability discovery risk as a lifecycle challenge. The pressure does not sit in one place, but across inventory, dependency decisions, threat intelligence, patching discipline, and validation – with people, process, and visibility shaping how well an organization can respond. Technology matters, but it cannot compensate for a weak operating model underneath it.

Open source still matters. Dependency choices matter more.

Open source remains essential to modern software development because it helps teams move faster and get products to market without rebuilding common functionality from scratch. The better response is to be more deliberate about where and how third-party code enters the environment. Open source has always involved a trade-off between speed, efficiency, flexibility, and inherited risk, and that trade-off becomes harder to manage as AI makes code review deeper and faster. More flaws and supply chain compromises will likely be found in packages that teams have trusted for years, including transitive dependencies most developers did not knowingly choose. One only needs to look back a few weeks to find that the widely used Axios package suffere
Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings. [...]
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work
Apple patches iOS flaw that retained deleted notifications, exposing message data
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade detection and disguise their malicious activity. [...]
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your
The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.
Defending against China-nexus covert networks of compromised devices (https://www.ncsc.gov.uk/news/defending-against-china-nexus-covert-networks-of-compromised-devices)
Executive summary (https://www.ncsc.gov.uk/news/executive-summary-defending-against-china-nexus-covert-networks-of-compromised-devices)

Defending against China-nexus covert networks of compromised devices

Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it

Summary

With support from the UK Cyber League (https://www.ncsc.gov.uk/information/cyber-league), this advisory has been jointly released by the National Cyber Security Centre (NCSC-UK) and international partners:

- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Communications Security Establishment Canada’s (CSE’s) Canadian Centre for Cyber Security (Cyber Centre)
- Germany Federal Office for the Protection of the Constitution - Bundesamt für Verfassungsschutz (BfV)
- Germany Federal Intelligence Service – Bundesnachrichtendienst (BND)
- Germany Federal Office for Information Security - Bundesamt für Sicherheit in der Informationstechnik (BSI)
- Japan National Cybersecurity Office (NCO) - 国家サイバー統括室
- Netherlands General Intelligence and Security Service - Algemene Inlichtingen- en Veiligheidsdienst (AIVD)
- Netherlands Defence Intelligence and Security Service - Militaire Inlichtingen- en Veiligheidsdienst (MIVD)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- Spain National Cryptologic Centre – Centro Criptológico Nacional (CCN)
- Sweden National Cyber Security Centre - Nationellt cybersäkerhetscenter (NCSC-SE)
- United States Cybersecurity and Infrastructure Security Agency (CISA)
- United States Department of Defense Cyber Crime Center (DC3)
- United States Federal Bureau of Investigation (FBI)
- United States National Security Agency (NSA)

Its purpose is to provide network defenders with the tools needed to defend against China-nexus cyber actors and their tactic of using large scale networks of compromised devices (covert networks) to route their cyber activity.

Introduction

Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) use
Google Cloud will attribute a unique cryptographic ID to every AI agent that will be tied to “traceable and auditable” authorization policies