The Shai-Hulud software supply chain worm is escalating. It’s moving beyond stealing GitHub tokens and is now impacting government networks and operational technology. The potential target? Critical infrastructure like utilities and manufacturing.
Organizations are racing to adopt AI, but a surge in security data is creating a major headache. The push for business results is colliding with the need for airtight governance.
An attacker drained roughly $9 million from a Yearn Finance pool by exploiting a flaw in its cached storage system. The hack was executed with an initial deposit worth less than a fraction of a cent.
America’s cyber defense agency has issued a stark mandate: update vulnerable Samsung and Pixel phones by December 23 or discontinue use. The order follows warnings of critical vulnerabilities that may already be under targeted attack.
India’s telecom ministry has ordered that all smartphones must come with the government’s Sanchar Saathi app pre-installed, and users cannot remove it. Digital rights groups are calling it a dangerous expansion of state control over personal devices.
A malicious npm package tried to manipulate AI security scanners with a hidden prompt. Despite being flagged months ago, it remained downloadable and was installed nearly 17,000 times. This shows a dangerous gap between detection and actual removal in the software supply chain.
Amazon is warning its 300 million active customers about a widespread impersonation scam during the holiday shopping season. The scheme uses fake notifications and malicious links to steal financial information and account credentials.
The European Parliament and Council have agreed to hold social media platforms financially responsible for scams that originate on their services. Platforms like Meta will now have to repay banks when they fail to remove fraudulent content after being notified. The law builds on the Digital Services
The Bloody Wolf threat group has been running a sustained campaign across Kyrgyzstan and Uzbekistan since at least June 2025. They’re using clever social engineering and legitimate remote-access tools to infiltrate government targets while maintaining a low profile.
Federal agencies are warning iPhone and Android users to stop using personal VPNs, calling them security risks. This comes as lawmakers consider outright bans to enforce content restrictions. The VPN landscape is changing dramatically.
