CNET

Suspicious Link in Your Inbox? Here's How to Tell If It's a Scam

Contact the authorities. If you clicked on a spam link and were scammed out of money, report it to the Federal Trade Commission so they can spread the word about the scam. You'll also want to call ...

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
DataBreachToday

Codex Bug Let Repo Files Execute Hidden Commands

OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines ...
SecurityWeek

Microsoft Silently Mitigated Exploited LNK Vulnerability

Microsoft has silently mitigated CVE-2025-9491, a Windows vulnerability exploited to distribute malware via LNK files ...
The Hacker News

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

North Korean actors deployed 197 new npm packages delivering evolved OtterCookie and GolangGhost malware through fake ...

Microsoft Silently Fixes 8-Year Windows Security Flaw

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through ...
SecurityWeek

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers.
The Hacker News

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

In other words, these shortcut files are crafted such that viewing their properties in Windows conceals the malicious ...

State sponsored hackers have been exploiting this LNK vulnerability for years - and it has only just been patched by Microsoft

The LNK vulnerability was used to launch remote code execution in cyber-espionage, data theft, and fraud attacks.