Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a ...

Fake job applications pack malware that kills EDR before stealing data

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can ...
Wired

You Can Now Install—and Update—Microsoft Store Apps Using the Command Line

I can't stand opening the Microsoft Store. It's slow to load, confusing to browse, and full of ads for things I don't care about. Luckily, thanks to a new feature, I don't have to open the Microsoft ...
Windows Central

You can now chat with Microsoft Copilot while setting up your Windows 11 PC for the first time

A new demo experience lets users try Copilot for the first time before ever hitting the desktop, during the out of box setup experience on Windows 11. When you purchase through links on our site, we ...
GeekWire

Amazon CEO Andy Jassy defends $200B spending plan: ‘This isn’t some sort of quixotic top-line grab’

Amazon Web Services has accelerated its growth mode thanks in part to AI demand. (GeekWire File Photo / Todd Bishop) Amazon Web Services revenue grew at its fastest pace in more than three years, up ...
CSOonline

From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

AI-assisted attackers weaponized exposed credentials and permissive roles to move from initial access to full AWS admin control in minutes. Threat actors tore through an Amazon Web Services ...