A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. […]
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict.
The post Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says appeared first on SecurityWeek.
Microsoft Teams to get efficiency mode on PCs with limited resources
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. […]
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.
The post New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention appeared first on SecurityWeek.
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.
The post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek.
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.
The post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.
Claude Mythos Finds 271 Firefox Vulnerabilities
All the flaws could have also been found by an elite human researcher, according to Mozilla.
The post Claude Mythos Finds 271 Firefox Vulnerabilities appeared first on SecurityWeek.
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.
“Two batch scripts are responsible for initiating the
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.
“Two batch scripts are responsible for initiating the
North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.
The post North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks appeared first on SecurityWeek.
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.
The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,
The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,