
Attack

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of…

Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw – Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158. Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix earlier this month, Censys has…

Attack On Titan’s New Complete Final Season Steelbook Is A Bargain
Attack on Titan’s Final Season is getting a Complete Edition Blu-ray with a collectible steelbook case. Slated to release November 11, roughly one year after Part 3 initially launched on Blu-ray, Attack on Titan: Final Season Complete Steelbook is up for preorder for $70 at Amazon. At first glance, $70 for one season of anime…

A brazen attack on air safety is underway — here’s what’s at stake
At the end of July, the National Transportation Safety Board (NTSB) convened a three-day public hearing to investigate January’s mid-air collision over Washington, DC that killed 67 people. After the hearing, two conclusions were inescapable. First, the disaster should have been prevented by existing safety rules. And second, the government regulators responsible for air safety…

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
PALO ALTO, California, May 29th, 2025, CyberNewsWire Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have been increasingly using BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps. BitM attacks work by using a remote browser to trick victims…

Finding Minhook in a sideloading attack – and Sweden too
Late in 2023 and during the first half of 2024, we monitored an attack campaign targeting several of our customers in multiple locations. Though the attack attempts dropped a Cobalt Strike payload, which could have led to any number of further activities, the information we were able to glean from our detections causes us to…

The Last Of Us Season Two, Episode Two Recap: When Wolves Attack
Welcome back to another recap of The Last of Us season two. It’s the big one, folks. Please leave all your golf clubs at the door on your way in so as not to impart any more emotional damage to your fellow readers. Get your “Fore!” or “birdie” jokes out of your system. Anyone who…

How Each Pillar of the 1st Amendment is Under Attack – Krebs on Security
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. Image: Shutterstock, zimmytws. In an address…

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Mar 24, 2025, Ravie Lakshmanan, Weekly Recap / Hacking. A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain…