Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

Unico plants flag in Menlo Park after acquisition spree

The company made three acquisitions since 2024, adding liveness detection technology and passwordless authentication. Its ...
Windows Report

Hackers Breached Axios npm by Impersonating Companies and Hijacking Maintainer Access

Hackers infiltrated Axios maintainers using fake Slack channels and Teams calls, then published infected packages.

API Key Leak Exposes AWS, Stripe, OpenAI Credentials Across Thousands of Sites

Researchers found thousands of exposed API keys across 10 million webpages, including AWS, Stripe, and OpenAI credentials ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Google Threat Intel Flags Ghostblade As Crypto-Stealing Malware

Google Threat Intel Flags Ghostblade As Crypto-Stealing Malware. Google Threat Intelligence has flagged a new crypto-stealing malware named“Ghostblade” targeting Apple iOS devices. Described as part ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
Hoodline

Fake CAPTCHA Scam Tricks Windows Users Into Installing Password-Snatching Malware

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.
CSO Online

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service

Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be ...
Infosecurity Magazine

Phantom Project Bundles Infostealer, Crypter and RAT For Sale

The malware, known as Phantom Stealer, collects browser credentials, cookies, saved passwords, autofill data and payment card ...
DataBreachToday

Phishing Defense: Tracking Adversary-in-the-Middle Attacks

Phishing attacks continue to grow more refined, thanks in no small part to the easy availability of constantly evolving phishing-as-a-service platforms, including ...

Why Your AI Girlfriend is a Privacy Time Bomb: 150M Users at Risk

The post Why Your AI Girlfriend is a Privacy Time Bomb: 150M Users at Risk appeared first on Android Headlines.