New npm timing attack could lead to supply chain attacks
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly…
LofyGang hackers built a credential-stealing enterprise on Discord, NPM
The ‘LofyGang’ threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such…
Spyware Vendor FinFisher Claims Insolvency Amid Investigation
A German company long criticized for helping governments spy on communications has shut down operations and filed for insolvency, according to authorities. FinFisher…
Lazarus acquires ability to attack the supply chain
North Korean advanced persistent threats (APT) group Lazarus — also known as Hidden Cobra — is developing supply chain attack capabilities using the…
The meta registrations won’t quit and someone went Meta Crazy on Facebook names
This meta registration craze continues to gather momentum. Back on October 11 I did a post taking a look behind the keyword Meta.…
The Largest Supermarket Chain Attacked
Tesco supermarket chain, the UK’s largest, was hit by a cyber attack and had two days without online customer service – Saturday 23rd…
China’s free VPN service exposes data from over a million users
Updated Personal Identification Information (PII) of more than one million users of the free Chinese VPN service, Quickfox, are exposed on a server…
Scammers trick Amazon and steal $1.5 million worth of rare books
According to information revealed by public defender Andrew Birge, a US Department of Justice representative for western Michigan, a scammer is being charged…
Data from the entire population of Argentina are offered for sale in cybercriminal forum
After a cyber attack last month, personal data of the entire population of Argentina may have been leaked from the Registro Nacional de…
CryptoRom scheme for iPhone steals nearly $1.4M
An international cryptocurrency “trading” scheme focused on iPhone users through popular dating apps like Bumble and Tinder has already raised nearly $1.4 million,…
Bitcoins are public and not untraceable; find out how brokers track cryptocurrency thefts
The last week of September started with the news that The official Bitcoin domain (bitcoin[.]org) was invaded by cybercriminals who applied the infamous…
Twitch suffers data leakage; source code and payments to streamers are exposed
Twitch, the web’s most famous streaming video game platform, suffered a cyber attack early this Wednesday (6). An anonymous web surfer used 4chan,…