The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.
The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
Former US Defense Contractor Executive Admits to Selling Exploits to Russia
Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
The post Former US Defense Contractor Executive Admits to Selling Exploits to Russia appeared first on SecurityWeek.
MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS
MITRE has unveiled the latest version of ATT&CK, with the most significant changes in the defensive part of the framework.
The post MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS appeared first on SecurityWeek.
AI Security Firm Polygraf Raises $9.5 Million in Seed Funding
Polygraf AI has developed proprietary small language model (SLM) technology designed to help organizations mitigate AI risks.
The post AI Security Firm Polygraf Raises $9.5 Million in Seed Funding appeared first on SecurityWeek.
CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution
The company has built a plug-and-play photonic layer transmission system that encrypts data in transit to prevent interception.
The post CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution appeared first on SecurityWeek.
XWiki Vulnerability Exploited in Cryptocurrency Mining Operation
Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance.
The post XWiki Vulnerability Exploited in Cryptocurrency Mining Operation appeared first on SecurityWeek.
Ad and PR Giant Dentsu Says Hackers Stole Merkle Data
Japan’s Dentsu has disclosed a Merkle data breach impacting clients, suppliers, and employees.
The post Ad and PR Giant Dentsu Says Hackers Stole Merkle Data appeared first on SecurityWeek.
Chrome to Turn HTTPS on by Default for Public Sites
Starting October 2026, the browser will ask users if they want to access public websites that do not use secure connections.
The post Chrome to Turn HTTPS on by Default for Public Sites appeared first on SecurityWeek.
CISA Warns of Exploited DELMIA Factory Software Vulnerabilities
Two DELMIA Apriso flaws can be chained together to gain privileged access to the application and execute arbitrary code remotely.
The post CISA Warns of Exploited DELMIA Factory Software Vulnerabilities appeared first on SecurityWeek.
New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs
Intel and AMD have published advisories after academics disclosed details of the new TEE.fail attack method.
The post New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs appeared first on SecurityWeek.