A malicious npm package tried to manipulate AI security scanners with a hidden prompt. Despite being flagged months ago, it remained downloadable and was installed nearly 17,000 times. This shows a dangerous gap between detection and actual removal in the software supply chain.
Amazon is warning its 300 million active customers about a widespread impersonation scam during the holiday shopping season. The scheme uses fake notifications and malicious links to steal financial information and account credentials.
The European Parliament and Council have agreed to hold social media platforms financially responsible for scams that originate on their services. Platforms like Meta will now have to repay banks when they fail to remove fraudulent content after being notified. The law builds on the Digital Services
The Bloody Wolf threat group has been running a sustained campaign across Kyrgyzstan and Uzbekistan since at least June 2025. They’re using clever social engineering and legitimate remote-access tools to infiltrate government targets while maintaining a low profile.
Federal agencies are warning iPhone and Android users to stop using personal VPNs, calling them security risks. This comes as lawmakers consider outright bans to enforce content restrictions. The VPN landscape is changing dramatically.
Security researchers have uncovered a sophisticated campaign targeting Zendesk users with fake domains and malicious support tickets. The attacks appear linked to the notorious Scattered Lapsus$ Hunters group, who previously targeted Salesforce. This represents a dangerous shift toward weaponizing S
A Mirai-based botnet named ShadowV2 took advantage of last October’s AWS outage to infect IoT devices across 28 countries. The malware targeted multiple industries including technology, retail, and government sectors. Security researchers believe this was likely a “test run” for future attacks.
Microsoft is extending its identity management system to treat AI agents like human users. With Gartner predicting massive AI agent adoption by 2030, companies need ways to control these digital workers. Entra Agent ID provides unique identities, monitoring, and least-privilege access for AI agents.
X’s new account location feature has uncovered that numerous popular MAGA-themed political accounts with thousands of followers aren’t actually based in the United States. Researchers found these accounts posting about U.S. politics are frequently located in South Asia, Africa, and Eastern Europe.
Security researchers have identified a dangerous new Android banking trojan that can bypass encrypted messaging apps and steal banking credentials. The malware provides attackers with full remote control capabilities. While currently limited to Europe, it could spread globally soon.
