SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

Anura identified and successfully mitigated a new form of Sophisticated Invalid Traffic (SIVT) that uses artificial ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

The majority of the 1.4 million React2Shell exploitation attempts GreyNoise saw in a week deployed cryptominers and reverse ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
The Caledonian-Record

Nigeria sets up new military command to slow spread of Islamic militants after deadly attack

The Nigerian government has announced a new military operation to tackle Islamic militants after more than 160 people were ...

Web skimming attacks target major payment networks

Web skimming campaigns use obfuscated JavaScript code to steal credit card data from checkout pages without detection by ...

Watch: Police enter house after XL Bully attack

Footage of XL Bully dogs being Tasered after mauling a grandmother to death was shown to a jury. Esther Martin, 68, was ...

Hackers are using LLMs to build the next generation of phishing attacks

What if a phishing page was generated on the spot?
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Boulder cybersecurity startup raises $31M as AI-generated attacks surge

The company has seen considerable growth in its annual recurring revenue compared with the past year, according to CEO.
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.