Attackers backdoored 32 packages in Red Hat’s official npm scope to steal cloud and CI secrets
Tag: official
AI, Apps, Cybersecurity, Global Security News, Government & Policy
A Fake UK Visa Site Left 100,000 Passports Wide Open
A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply…
AI, Global Security News, Risk Management
AI models more vulnerable than claimed when faced with iterative attacks
CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wake-up call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazon have significantly worse risk profiles when pressured in multi-turn attacks compared…
Global Security News
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
Data Breaches, Global Security News
Hackers Hijack JDownloader Site to Deliver Malware Through Installers
JDownloader confirms a security breach where hackers manipulated official download links to distribute malicious files between 6 and 7 May 2026.
AI, Cybersecurity, Global Security News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads,…
Data Breaches, Global Security News
ShinyHunters Defaces Canvas LMS Portal, Thousands of Universities Affected
ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide.
AI, Global Security News
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […]
AI, Cybersecurity, Global Security News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official…
Global Security News
Over 100 Chrome extensions in Web Store target users accounts and data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. […]
AI, Global Security News
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. […]
Global Security News
Homey Expands with Reolink Integration Across Cameras, Doorbells and NVRs
Athom, the company behind the Homey smart home platform, today announced an official integration with Reolink. With the new Reolink app in the Homey App Store, users can connect their Reolink cameras, doorbells, and NVR systems to Homey.
AI, Exploits, Global Security News
Millions of UK firms on alert after Companies House data exposure
Companies House, the UK’s official company registry, said its WebFiling service is back online after being shut down on Friday to fix a security issue that may have exposed the personal data of millions of firms. An investigation indicates the flaw was likely introduced during an October 2025 update. According to Companies House, only users…
Global Security News
Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, have been compromised to infect visitors with infostealers, warn Rapid7 researchers
AI, Global Security News, Government & Policy, Risk Management
Anthropic holds firm against the Pentagon after supply‑chain risk label
Anthropic is standing firm in its dispute with the US Department of War after receiving an official letter designating it as a supply-chain risk, signaling that the company is unlikely to concede to the Pentagon’s demands over the military use of its frontier models. “I would like to reiterate that we had been having productive…
AI, china, Global Security News, Government & Policy, Russia
Chinese group’s ChatGPT use reveals worldwide harassment campaign against critics
A Chinese law enforcement official attempted to use ChatGPT to review its reports on cyber operations, subsequently revealing details of a worldwide online harassment and silencing campaign of China’s critics at home and abroad. In a new threat report released Wednesday, OpenAI said the activity concerned a single account that regularly used ChatGPT to review…
AI, Global Security News, malware
Fake troubleshooting tip on ClawHub leads to infostealer infection
A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a bogus, malicious skill. Instead, the threat actor is leaving this particular comment on popular legitimate skills published…
AI, china, Cybersecurity, Global Security News, Risk Management
State Dept. official says post-quantum transition plans will outlive current leadership
A cybersecurity official at the State Department called for the public and private sector to more tightly coordinate plans to transition their systems, devices and data to quantum-resistant encryption algorithms. Gharun Lacy, Deputy Assistant Secretary for the Cyber and Technology Security Directorate at the Department of State, issued a challenge for cybersecurity defenders to view…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security
FBI: Threats from Salt Typhoon are ‘still very much ongoing’
A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors. Michael Machtinger, deputy assistant director for cyber intelligence at the FBI, touted improved partnerships between the telecommunications industry and…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Risk Management
HHS burrows into identifying risks to health sector from third-party vendors
A Department of Health and Human Services official said Thursday that HHS is devoting a lot of attention to the security of third-party service providers after the 2024 Change Healthcare cyberattack. That attack, which is widely regarded as the biggest ever in the sector — including by HHS’s Charlee Hess, who spoke Thursday at CyberTalks…
AI, Global Security News
Apple’s iOS adoption data shows consistency
Apple has published its official iOS 26 and iPadOS 26 adoption figures on its developer website. While they do show a slightly slower upgrade pace than in past years, it’s far from the dramatic falloff implied by StatCounter earlier this year following a change in how it gathered this information. What are the latest adoption numbers? The company says…
AI, Global Security News, Government & Policy, Risk Management
Fulton County lawsuit claims feds used ‘gross mischaracterizations’ to justify raid
A former federal official who tested and certified voting machines used in Fulton County, Georgia for the 2020 presidential election told a court that the federal government misrepresented key facts and omitted exculpatory public evidence while seeking a warrant in last month’s law enforcement raid. The raid, carried out by the FBI and overseen by…
