The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge
Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules
A new CMMC review and reform task force will conduct a comprehensive review of the program.
The post Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules appeared first on SecurityWeek.
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it.
In
Japan’s largest taxi operator shuts systems after cyberattack
Hackers backdoor Jscrambler npm package with infostealer malware
New CrashStealer malware poses as Apple crash reporting tool
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.
“It validates the victim’s login password locally before
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain.
The
CISA warns of actively exploited RCE flaws in Joomla extensions
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too
