-
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuth…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silentl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have confirmed that the sophisticated iOS exploit chain known as DarkSword is now accessible outside of its original threat actor groups. Recently, security researcher @matteyeux successfully achieved kernel read/write access on an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tycoon2FA operators have resumed large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core infrastructure, underscoring the resilience of phishing-as-a-service (PhaaS) ecosystems and the limi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Aleksandr Zhurnakov from PT Security has discovered a critical exploit chain in Dell Wyse Management Suite. By combining seemingly minor logic flaws, an attacker can achieve unauthenticated remote code execution. This attack targets…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
