SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Copper mine opponents file new lawsuit to block Oak Flat project

Apache Stronghold and its allies allege that federal officials admitted a proposed copper mine would destroy Oak Flat.

Firefox 150 turns its PDF viewer into a real PDF editor

Firefox 150 adds page reordering, exporting, and image saving to its built-in PDF viewer, plus split-view improvements and ...
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...

Tempo® Communications Launches EML250-ID Marker Locator / OmniMarker-ID Markers for Intelligent Buried Asset Management

The EML250-ID and OmniMarker-ID transform underground utility management into a data-driven system that can write, ...
TechJuice

Hackers Deploy SNOW Malware Suite via Microsoft Teams

A cyber group is impersonating IT helpdesk staff via Microsoft Teams to deploy malware and target corporate systems.

With WonderCMS, I was able to get my business online in just a few steps

Installing a CMS on your web-based server doesn't have to be difficult. That's where WonderCMS comes in.
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Indianapolis Business Journal

IndyCar plans ambitious race in D.C. for America’s birthday

The Freedom 250 Grand Prix represents a $25 million bet by IndyCar to put the series at center stage during America’s 250th ...