“Sleeper” browser extensions woke up as spyware on 4 million devices
Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed…
A bipartisan pair of senators introduced a…
A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus…
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw…
Dec 02, 2025 | Ravie Lakshmanan | AI Security / Software Supply Chain | Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven…
Leicester-based Cambridge and Counties Bank has been using a modern middleware platform from SnapLogic to help it drive out manual processes. Chief transformation officer (CTO)…
Security researchers warn that two recently disclosed vulnerabilities in Fortinet FortiWeb can be exploited in attacks targeting earlier, unsupported versions of the web application firewall…
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. The two high-severity vulnerabilities are…
Candiru, an Israel-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business leaders. The mercenary…
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources,…
A security alert has been issued by software security firm Socket, revealing that North Korean threat actors have dramatically escalated their ongoing Contagious Interview attack.…
This week on the Lock and Code podcast… It’s often said online that if a product is free, you’re the product, but what if that…