Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. […]
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
“The two npm packages abused smart contracts to conceal malicious
“The two npm packages abused smart contracts to conceal malicious
US offers $10 million bounty for info on Russian FSB hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. […]
US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack
Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.
The post US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack appeared first on SecurityWeek.
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. […]
US sues robot toy maker for exposing children’s data to Chinese devs
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. […]
Police disrupts Streameast, largest pirated sports streaming network
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world’s largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. […]
SaaS giant Workiva discloses data breach after Salesforce attack
Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. […]
Google Patches High-Severity Chrome Vulnerability in Latest Update
Chrome’s latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.
The post Google Patches High-Severity Chrome Vulnerability in Latest Update appeared first on SecurityWeek.
Google fixes actively exploited Android flaws in September update
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. […]