A new set of four malicious packages has been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. “The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher…
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending…
Experts agree there have been subtle improvements, with new laws and applied best practices, but there is still a long way to go.
Exploitation of CVE-2025-42957 requires “minimal effort” and can result in a complete compromise of the SAP system and host OS, according to researchers.
The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear.
New threat actor “GhostRedirector” is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites.
The nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.
What’s believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.