Cybersecurity researchers have uncovered a new form of supply chain attack hidden within the npm ecosystem. A malicious npm package was discovered embedding malware inside steganographic QR codes, a technique designed to slip past traditional security defenses. The attack highlights growing risks in opensource software dependencies and developer tools How the Malware Works The compromised…
The Brazilian-origin Caminho Loader uses least significant bit (LSB) steganography to hide .NET payloads inside image files, enabling fileless malware delivery across South America, Africa and Eastern Europe. This advanced threat demands immediate action from security teams.
Aardvark is OpenAI’s GPT-5–powered security agent that reads repositories like a human, validates exploitability in a sandbox, and proposes precise patches. Consequently, teams can cut detection and remediation time without slowing delivery.
ConnectWise has patched two critical vulnerabilities (CVE-2025-11492 & CVE-2025-11493) in its Automate platform that allowed adversary-in-the-middle attacks on software updates. MSPs and on-prem deployments must upgrade immediately to prevent malicious update injection and integrity bypass.
A Reagan-themed anti-tariff ad paused U.S.–Canada talks. Canada’s prime minister apologized to Trump, seeking to cool tempers, protect exporters, and restart negotiations.
Global law enforcement has seized a dark web leak site allegedly operated by Scattered Spider, halting a notorious pipeline of stolen corporate data. Here’s what cybersecurity experts need to know about the takedown.
A newly discovered Android banking trojan combines overlay attacks with a stealthy hidden VNC server to gain full remote control over compromised devices.
When a TikTok video depicting a “wanted: dead or alive” poster of U.S. Attorney General Pam Bondi appeared, major platforms responded. This article unpacks how TikTok, Google and Comcast cooperated with the FBI, the device and IP information they provided, and the broader implications for how threats on social media become federal investigations.
Volkswagen Group faces a serious cybersecurity challenge after ransomware gang 8Base claimed to have stolen sensitive data from its global operations. The incident exposes growing supply-chain risks and highlights how industrial manufacturers remain prime targets for modern cyber-extortion campaigns.
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.