The Tech Edvocate

North Korean Hackers Exploit Axios NPM Package in Major Supply Chain Attack

Spread the loveIn a worrying development for the cybersecurity landscape, North Korean hackers have successfully infiltrated the widely-used Axios NPM package, introducing backdoored versions of the ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.
Android Authority

New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...

Cloud attacks are getting faster and deadlier - here's your best defense plan

Cloud attacks are getting faster and deadlier - here's your best defense plan ...
The Hacker News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to ...
Bleeping Computer

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.
MacRumors

This iOS Exploit Kit Has 23 Attacks – But Lockdown Mode Stops It Cold

Google's Threat Intelligence Group (GTIG) has a new report out about a powerful iOS exploit kit called "Coruna," which traveled from a surveillance vendor's customer to a Russian espionage group to ...
9to5Mac

Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers

Google’s Threat Intelligence Group and security company iVerify have shared details about Coruna, an exploit kit that chains multiple vulnerabilities to target iPhones running older iOS versions. Here ...
Computer Weekly

PromptSpy Android malware may exploit Gemini AI

An Android-specific malware targeting mobile device takeover appears to use generative AI (GenAI) services in its execution flows to maintain persistence on the victim’s smartphone, researchers at ...
Fox News

Ukraine makes fastest gains in years as Russia talks stall, exploiting cracks in Kremlin command

As U.S.-backed negotiations between Russia and Ukraine in Geneva ended without a breakthrough, Kyiv made gains on the battlefield, recapturing territory at its fastest pace in years through localized ...