Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […]
Harvard University discloses data breach affecting alumni, donors
Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. […]
Microsoft Highlights Security Risks Introduced by New Agentic AI Feature
Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation.
The post Microsoft Highlights Security Risks Introduced by New Agentic AI Feature appeared first on SecurityWeek.
Microsoft tests File Explorer preloading for faster performance
Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. […]
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
“The campaign introduces a new variant that executes malicious
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
“The campaign introduces a new variant that executes malicious
Mazda Says No Data Leakage or Operational Impact From Oracle Hack
The Cl0p ransomware group has listed Mazda and Mazda USA as victims of the Oracle EBS campaign on its leak website.
The post Mazda Says No Data Leakage or Operational Impact From Oracle Hack appeared first on SecurityWeek.
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.
Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI
Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI
Spanish Airline Iberia Notifies Customers of Data Breach
The company has notified its customers of the incident roughly a week after a threat actor claimed the theft of 77GB of data from Iberia’s systems.
The post Spanish Airline Iberia Notifies Customers of Data Breach appeared first on SecurityWeek.
Microsoft to remove WINS support after Windows Server 2025
Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. […]
146,000 Impacted by Delta Dental of Virginia Data Breach
Names, Social Security numbers, ID numbers, and health information were stolen from a compromised email account.
The post 146,000 Impacted by Delta Dental of Virginia Data Breach appeared first on SecurityWeek.