In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which began on September 8th, involved injecting malicious code designed to steal cryptocurrency from users. The…
Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce
Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM. The company confirmed that the incident was limited to…
Using PAM for Passwordless Authentication without Local Users
Explore how to implement passwordless authentication using PAM, focusing on scenarios without local user accounts. Learn about the benefits, methods, and security considerations. The post Using PAM for Passwordless Authentication without Local Users appeared first on Security Boulevard. This article…
Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal
Nearly 500 scientists and researchers have signed an open letter warning that the latest version of the EU’s Chat Control Proposal would weaken digital security while failing to deliver meaningful protection for children. The signatories represent 34 countries and include…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”),…
GhostAction campaign, scam centers grow, GPUGate hits IT
GhostAction campaign targets GitHub Scam centers see huge growth in Myanmar GPUGate targets IT firms Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is…
Microsoft Cloud Services Affected After Red Sea Cables Cut
Two cable systems in Red Sea hit by outages, affecting traffic through Middle East and degrading internet service in India, Pakistan This article has been indexed from Silicon UK Read the original article: Microsoft Cloud Services Affected After Red Sea…
APT37 Deploys New Rust and Python Malware Targeting Windows Systems
The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent…
This Fedora spin is perfect for one particular kind of new Linux user
With Windows 10 support ending, you might be looking for an alternative. If you like the idea of Fedora, but are afraid it isn’t user-friendly enough, Nobara has your back. This article has been indexed from Latest news Read the…
UK toughens Online Safety Act with ban on self-harm content
Charities welcome change, but critics warn the law is already too broad Tech companies will be legally required to prevent content involving self-harm from appearing on their platforms – rather than responding and removing it – in a planned amendment…
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers
Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for the purposes of…
Hackers Hijack 18 Popular npm Packages Downloaded Over 2 Billion Times Weekly
Hackers have hijacked 18 extremely popular npm packages, downloaded more than 2 billion times every week, injecting them with sophisticated malware that targets cryptocurrency users and developers. Early on September 8th, a security feed flagged the sudden update of 18…
Chinese Hackers Salt Typhoon and UNC4841 Team Up to Breach Critical Infrastructure
Cybersecurity researchers at Silent Push have uncovered a sophisticated Chinese espionage operation linking two prominent threat actors, Salt Typhoon and UNC4841, revealing previously unreported infrastructure used to target government and corporate networks across more than 80 countries. The discovery of…
LunaLock Ransomware threatens victims by feeding stolen data to AI models
LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data. A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn…
Attackers test the limits of railway cybersecurity
Railway systems are the lifeblood of many economies, supporting everything from daily passenger transport to military and industrial operations, so the question arises: how secure are they from a cybersecurity perspective? Like all industries, the railway industry is undergoing its…
Connected cars are racing ahead, but security is stuck in neutral
Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential cyber risks.…
Maduro Hails Huawei Mate X6 Gift From China as ‘Unhackable’ by U.S.
Venezuelan President Nicolás Maduro made bold claims about cybersecurity during a press conference on September 1, 2025, as he showcased a Huawei smartphone gifted to him by Chinese President Xi Jinping. Holding up the device before international media in Caracas,…
IT Security News Hourly Summary 2025-09-09 06h : 3 posts
3 posts were published in the last hour 4:3 : Forget disappearing messages – now Signal will store 100MB of them for you for free 4:3 : Cybersecurity jobs available right now: September 9, 2025 3:35 : Massive Leak Shows…
Qualys Confirms Cyberattack Campaign Targeting Salesforce via Salesloft and Drift
Qualys has confirmed that it was recently impacted by a cybersecurity campaign targeting Salesloft and Drift, two third-party SaaS platforms that integrate with Salesforce. The company emphasized that customer data and its own production environments on the Qualys Cloud Platform…
Are we headed for an AI culture war?
In this Help Net Security video, Matt Fangman, Field CTO at SailPoint, discusses whether an AI culture war is inevitable. He explores the rise of AI agents as a new identity type, the need for guardrails and human supervision, and…
Employees keep feeding AI tools secrets they can’t take back
Employees are putting sensitive data into public AI tools, and many organizations don’t have the controls to stop it. A new report from Kiteworks finds that most companies are missing basic safeguards to manage this data. Security control maturity pyramid…
Forget disappearing messages – now Signal will store 100MB of them for you for free
Including messages sent to users, a potential problem for the privacy-conscious Encrypted messaging app Signal is rolling out a free storage system for its users, with extra space if folks are willing to pay for it.… This article has been…
Cybersecurity jobs available right now: September 9, 2025
Analyst, Cybersecurity DFIR ICE | Singapore | On-site – View job details As an Analyst, Cybersecurity DFIR, you will review and triage user-reported emails to identify phishing, malware, and other threats, taking containment actions and supporting eradication efforts. You will…
Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World
Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa. This article has been indexed from Security Latest Read…