The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation.

Stay updated on the latest developments of the Chrome Web Store incident involving Cyberhaven's compromised extension. Follow live updates, detailed analysis, impacted extensions, and expert recommendations for safeguarding your organization against similar attacks

Threat actors sponsored by China “compromised” government networks over the past five years and collected valuable information, says a new report from Canada’s cyber spy agency.

China-linked threat actors compromised some U.S. internet service providers as part of a cyber espionage campaign code-named Salt Typhoon.

The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.

SecurityScorecard has discovered the threat actor group Volt Typhoon has compromised 30% of Cisco RV320/325 Devices in 37 Days. Learn more.

The X account of the U.S. Securities and Exchange Commission, which is deciding whether to approve bitcoin ETFs, "was compromised," the regulator told CoinDesk.

If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).

$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge
PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.

One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

On August 4, 2022, Twilio identified accounts of employees who were compromised by a social engineering attack. The attacker then gained access to data for a limited number of customers.