A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. [...]

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information. [...]

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]

Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...]

Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. [...]

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. [...]

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. [...]

A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures. [...]

New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate. [...]

House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. [...]

A Kosovo national has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018. [...]

Device Encryption is a Windows feature that automatically enables BitLocker-based encryption on the system drive and other fixed drives, protecting personal data from unauthorized access without requiring complex setup. It is especially valuable on Windows Home devices, where traditional BitLocker management features are unavailable.

Source

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. [...]

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. [...]

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. [...]

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. [...]

Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. [...]

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. [...]

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. [...]