-
In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which began on September 8th, involved injecting malicious code designed to steal cryptocurrency from users. The compromised packages include widely used libraries such as chalk, debug, ansi-styles, and supports-color. The malicious […] The post Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers have hijacked 18 extremely popular npm packages, downloaded more than 2 billion times every week, injecting them with sophisticated malware that targets cryptocurrency users and developers. Early on September 8th, a security feed flagged the su…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Venezuelan President Nicolás Maduro made bold claims about cybersecurity during a press conference on September 1, 2025, as he showcased a Huawei smartphone gifted to him by Chinese President Xi Jinping. Holding up the device before international media…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Qualys has confirmed that it was recently impacted by a cybersecurity campaign targeting Salesloft and Drift, two third-party SaaS platforms that integrate with Salesforce. The company emphasized that customer data and its own production environments o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to execute arbitrary commands with elevated system privileges. The vulnerability resides in the AdminServer component of […] The post Progress OpenEdge AdminServer Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique, which leverages a flaw in how Defender selects its execution folder, can be carried out using tools already available on the Windows operating system. The vulnerability was detailed by Zero […] The post Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In Caracas this week, President Nicolás Maduro unveiled the Huawei Mate X6 gifted by China’s Xi Jinping, declaring the device impervious to U.S. espionage efforts. The announcement coincides with heightened tensions between Washington and Beijing, as the United States enforces stringent controls on Chinese telecom equipment. Beyond its political symbolism, the Mate X6 has become […] The post Venezuela’s Maduro Says Huawei Mate X6 Gift From China is Unhackable by U.S. Spies appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers first observed LunaLock in early September 2025, a sophisticated ransomware strain targeting independent illustrators and digital artists. Leveraging compromised credentials and social engineering, the group behind LunaLock has zeroed in on a niche marketplace—Artists & Clients—where freelance creators exchange custom commissions. Initial intrusion involved spear-phishing campaigns disguised as royalty notifications, enticing victims to […] The post LunaLock Ransomware Attacking Artists to Steal and Encrypt Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational playbook of Kimsuky (APT43). The leak, comprising terminal history files, phishing domains, OCR workflows, compiled stagers, and a full Linux rootkit, revealed a credential-centric campaign that targeted South Korean government […] The post Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LunaLock, a newly surfaced ransomware strain, has launched a targeted campaign against independent artists and their clients, demanding a hefty ransom in exchange for stolen creative works and leaked personal data. Emerging in early September 2025, the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
