Category: Cybersecurity News
-
npm Software Supply Chain Attack Spreads via CI and AI Coding Tools
Security researchers at Socket‘s Threat Research have uncovered a new supply-chain attack that blends typosquatting, credential theft, and emerging attacks on AI-assisted developer tooling. The campaign, tracked as SANDWORM_MODE, is being described as a worm-like operation capable of spreading across repositories once developer or CI credentials are compromised. The research documents malicious npm packages designed
-
Social Ads Used to Promote Fake Windows 11 Updates That Deliver Malware
Hackers are abusing Facebook’s advertising platform to distribute fake Windows 11 download pages that deliver credential-stealing malware instead of legitimate updates. In a Malwarebytes security report, campaigns were found using paid Facebook ads designed to look like official Microsoft promotions. They were run in multiple campaigns in parallel, each using separate domains and tracking infrastructure
-
Active Exploitation Observed in Critical BeyondTrust Vulnerability
Security research published by Palo Alto Networks’ Unit 42 has found active exploitation of a newly disclosed critical vulnerability affecting BeyondTrust’s Remote Support, a software used for privileged access and remote administration. The flaw, tracked as CVE-2026-1731, is a pre-authentication remote code execution (RCE) vulnerability that allows unauthenticated attackers to execute operating system commands through
-
PayPal Reports Extended Customer Data Exposure
According to customer notifications reviewed by BleepingComputer, PayPal disclosed a data exposure incident that led to the prolonged exposure of sensitive customer information for several months. The software misconfiguration affected the working capital loan application used by small businesses. A code change implemented in mid-2025 unintentionally made certain customer information accessible to unauthorized individuals. The
-
New Android Malware Uses Gemini AI to Stay Active and Enable Remote Control
Security researchers at ESET have identified a new Android malware family that uses Google Gemini as part of its execution flow. ESET describes it as the first known Android threat to abuse a generative AI model in this way. The malware, PromptSpy, is designed to give attackers remote access to an infected phone while resisting
-
Dell Issues Critical Security Update After Active Exploitation of RecoverPoint Vulnerability
Dell has released an urgent security update for RecoverPoint for Virtual Machines after confirming active exploitation of a critical vulnerability that could allow attackers to gain root-level access to affected systems. The flaw, tracked as CVE-2026-22769, involves hardcoded credentials embedded in RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. An unauthenticated remote attacker with
-
Vulnerabilities Found in Popular Software Development Extensions
Security researchers have identified multiple vulnerabilities in widely used integrated development environment (IDE) extensions, add on tools used in software development editors such as Visual Studio Code, exposing an attack surface in modern software development workflows. The findings, published by researchers at OX Security, are based on an examination of several popular extensions used in
-
Research Shows Infostealers Expanding to AI Agent Environments
A recent cybersecurity investigation by Hudson Rock, a firm specializing in cybercrime intelligence and infostealer threat monitoring, has uncovered a real-world infostealer infection that successfully exfiltrated configuration files from an OpenClaw AI agent environment, signaling a notable shift in how malware targets sensitive data. Unlike traditional infostealer activity focused on browser credentials, this incident involved
Categories:
Have any comments or suggestions? Feel free to let us know!
