A new malicious npm campaign using fake installation logs to hide malware activity has been identified by security researchers. The attacks, discovered by ReversingLabs, involve malicious packages that mimic legitimate software installation processes while secretly downloading and executing malware designed… Read More "New Npm ‘Ghost Campaign’ Uses Fake Install Logs to Hide Malware"
Bitcoin Depot (NASDAQ: BTM), the largest Bitcoin ATM operator in the United States, reported on Wednesday that millions of dollars worth of bitcoin were stolen by hackers from its wallets. The company disclosed in an SEC filing that it detected… Read More "$3.6 Million Stolen in Bitcoin Depot Hack"
From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble. 01 Dec 2025 • , 5 min. read Employee advocacy has been around as a… Read More "What’s at stake if your employees post too much online"
Citrix has released a new critical security bulletin addressing two new vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The two products, formerly known as Citrix ADC and Citrix Gateway, are networking and security solutions used by… Read More "Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities"
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts 16 Dec 2025 • , 2 min. read The second half of the year underscored just… Read More "ESET Threat Report H2 2025"
A critical arbitrary file upload vulnerability in Ninja Forms – File Upload Plugin has been identified, exposing thousands of WordPress sites to potential compromise. The issue affects plugin versions up to 3.3.26 and allows unauthenticated attackers to upload malicious files,… Read More "Critical Vulnerability in Ninja Forms Exposes WordPress Sites"
Jede neue Entdeckung – etwa mit Blick auf das Einfallstor für den Angriff, seinen Scope oder die von den Angreifern verwendeten Tools, könnten die Untersuchungsziele des Teams verändern, so Leverett: “Was als Containment-Vorhaben beginnt, kann schnell zum umfänglichen Recovery-Projekt ausarten.… Read More "So geht Post-Incident Review | CSO Online"
ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued… Read More "A critical flaw in Windows Imaging Component"
A flaw in Google’s API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform. According to a CloudSEK advisory published on April 8, the issue affects widely used Android apps and could allow attackers… Read More "Google API Keys Quietly Gain Access to Gemini on Android Devices"
Hackers backing Tehran say an uncertain ceasefire between Iran and the United States and Israel won’t end their retaliatory cyberattacks, a warning that American cybersecurity experts say potential targets in the U.S. and Israel should take seriously. One leading hacking… Read More "Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long"
