brangberg – Page 676

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in

Study Identifies 20 Most Vulnerable Connected Devices of 2025

Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.

The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party

Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play

GitHub Announces General Availability of Security Campaigns

GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.

The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek.

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools,

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.
The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on

Nissan Leaf Hacked for Remote Spying, Physical Takeover

Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.

The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek.

Operations of Sensor Giant Sensata Disrupted by Ransomware Attack

Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.

The post Operations of Sensor Giant Sensata Disrupted by Ransomware Attack appeared first on SecurityWeek.

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
“In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,'” Europol said in a

‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages

CAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages.

The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek.

Author: brangberg