Injective Labs npm Package Hijacked to Steal Crypto Wallet Keys
Attackers compromised the Injective Labs GitHub repository to publish a malicious npm package that exfiltrates private keys and mnemonic phrases.
GuidesAttackers compromised the Injective Labs GitHub repository to publish a malicious npm package that exfiltrates private keys and mnemonic phrases.
GuidesNorth Korea's Contagious Interview campaign has published 108 malicious packages across npm, Packagist, Go, and Chrome in an active supply chain operation calle
ThreatsSecurity firm runZero disclosed seven vulnerabilities in FatFs, a filesystem library embedded in cameras, drones, and industrial controllers. No upstream fix ex
GuidesCISA has added a high-severity Microsoft SharePoint RCE flaw to its KEV catalog. Federal agencies must patch by Saturday under BOD 26-04.
ToolsAI enables natural language queries on video footage, allowing intelligence officers to search for behaviors rather than objects—creating vast new surveillance
VPN & PrivacyRussia targeted Signal and WhatsApp accounts of officials and activists across Ukraine, Europe, and the U.S. via SMS phishing posing as platform support bots.
Guides
A German court ruled Google liable for AI search summaries, reigniting the carrier-vs-publisher debate and raising urgent questions about corporate accountabili
BleepingComputer hosts a July 8, 2026 webinar on account takeover threats and how behavioral AI can automate detection and response.
Tata Electronics confirmed a cyberattack on parts of its IT infrastructure. The World Leaks group leaked alleged Apple manufacturing data stolen in the incident
The AryStinger botnet has compromised over 4,000 outdated routers, converting them into proxies for scanning, tunneling, and malicious traffic operations.
Microsoft's AutoJack exploit chain turns an AI browsing agent into an RCE vector via an unauthenticated local WebSocket in AutoGen Studio.
The Gentlemen RaaS group maintains a suite of EDR-killing tools, led by GentleKiller, targeting over 400 processes across 48 security vendors.
ESET researchers detail the EDR-killing toolset of ransomware gang Gentlemen, including their in-house GentleKiller framework and integrated third-party tools.
Legacy OT systems in manufacturing face growing cyber risks as IT/OT convergence expands attack surfaces. Visibility, architecture, and long-term support are ke
EvilTokens abuses Microsoft's OAuth device code flow to compromise accounts without fake login pages or stolen passwords, bypassing 2FA entirely.