-
In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which began on September 8th, involved injecting malicious code designed to steal cryptocurrency from users. The compromised packages include widely used libraries such as chalk, debug, ansi-styles, and supports-color. The malicious […] The post Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply-chain attack that impacted over 700 organizations, including major cybersecurity firms, has been traced back to a compromise of Salesloft’s GitHub account that began as early as March 2025. In an update on September 6, 2025, Salesloft confirmed that an investigation by cybersecurity firm Mandiant found that threat actors leveraged this initial access […] The post Salesloft Drift Cyberattack Linked to GitHub Compromise and OAuth Token Theft appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Jaguar Land Rover (JLR), the UK’s leading luxury automotive manufacturer, has disclosed that it is the victim of a significant cyberattack affecting its global information technology infrastructure. In a statement released early Wednesday, JLR confirme…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers have demonstrated that advanced prompt injection techniques can turn defensive AI agents into potent vectors for system compromise. The findings, detailed in a new preprint titled “Cybersecurity AI: Hacking the AI Hackers via Prompt Injecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity company Zscaler has confirmed it fell victim to a widespread supply-chain attack that exposed customer contact information through compromised Salesforce credentials linked to marketing platform Salesloft Drift. The breach, disclosed on August 31, 2025, stems from a larger campaign targeting Salesloft Drift’s OAuth tokens that has impacted over 700 organizations worldwide. Zscaler emphasized that […] The post Zscaler Confirms Data Breach – Hackers Compromised Salesforce Instance and Stole Customer Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A concerning surge in malicious domain registrations designed to exploit the upcoming 2026 FIFA World Cup, with threat actors already positioning themselves more than a year before the tournament begins. A comprehensive investigation by PreCrime Labs, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Salesforce has published a comprehensive forensic investigation guide aimed at empowering organizations to detect, analyze, and remediate security incidents within their Salesforce environments. The new guide distills best practices across three critic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […] The post WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams—long trusted as an internal messaging and collaboration tool—to deliver PowerShell-based malware and gain unauthorized remote access to Windows sy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […] The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
