-
An ongoing supply chain attack has compromised multiple npm packages published by CrowdStrike, extending a malicious campaign known as the “Shai-Halud attack.” The incident, which involves the same malware previously used to target the popular tinycolor package, highlights the persistent threat of supply chain vulnerabilities within the open-source ecosystem. The npm registry acted swiftly to […] The post CrowdStrike npm Packages Compromised in Ongoing Supply Chain Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent months, threat actors have begun exploiting the Model Context Protocol (MCP)—a universal “plug-in bus” designed to streamline AI-assistant integrations—as a novel supply chain attack vector. MCP servers allow AI assistants and development tools to translate natural-language requests into executable commands, but this convenience comes at a steep price: unvetted MCP servers can run […] The post Threat Actors Can Weaponize MCP Servers To Harvests Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As more companies move their critical systems and data to Amazon Web Services (AWS), attackers are finding new ways to stay hidden inside cloud environments. AWSDoor is a tool designed to simplify and automate persistence techniques in AWS. Persistence…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the Case Theme User plugin for WordPress allows unauthenticated attackers to hijack any account on vulnerable sites, including administrative accounts, by exploiting the social login feature. Site owners are urged to update …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released visionOS 26, addressing eighteen security flaws that could allow unauthorized access to sensitive user data. The update, issued on September 15, 2025, covers a wide range of components in the Apple Vision Pro platform. Apple’s …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat. AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide in plain sight within AWS accounts without deploying traditional malware. Key Takeaways1. AWSDoor exploits IAM […] The post AWSDoor – New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In today’s complex digital landscape, the volume and sophistication of cyber threats have outpaced the ability of most organizations to manage their security on their own. The escalating costs of in-house security teams, the global cybersecurity …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Unvetted Model Context Protocol (MCP) servers introduce a stealthy supply chain attack vector, enabling adversaries to harvest credentials, configuration files, and other secrets without deploying traditional malware. The Model Context Protocol (MCP)—t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that can both discover security weaknesses and validate their exploitability through controlled testing environments. The integration […] The post Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
