PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun Pierluigi Paganini January 28, 2026 Koi researchers found “PackageGate” flaws in NPM, PNPM,…
Month: January 2026
WhatsApp Denies Lawsuit Claim and Confirms Messages are Device-encrypted and Private
WhatsApp has strongly denied a new class-action lawsuit accusing Meta of secretly accessing users’ end-to-end encrypted messages, labeling the claims as false and baseless. The…
Teleport’s Agentic Identity Framework protects AI agents in production environments
Teleport has unveiled the Teleport Agentic Identity Framework, an AI-centered framework that provides organizations with a roadmap for securely deploying agentic AI across production cloud…
Hong Kong hit with record cyberattacks in 2025 as AI-linked threats rise
The number of cyberattacks in Hong Kong hit a record high in 2025, with detected system vulnerabilities tripling, prompting experts to warn that artificial intelligence…
Chinese National Jailed to 46 Months for Laundering Millions of Dollars Stolen from American Investors
A Chinese national named Jingliang Su has been sentenced to 46 months in prison for his involvement in a major cryptocurrency fraud scheme targeting American…
WhatsApp rolls out new security feature to protect users from sophisticated attacks
To add an extra layer of protection to its end-to-end encryption, WhatsApp has begun rolling out a new privacy and security feature called Strict Account…
ATM Jackpotting Scheme Leads To 87 Defendants Charged
A federal grand jury in Nebraska has issued a new indictment in a major international cybercrime case involving an “ATM jackpotting” scheme tied to the…
Fake CAPTCHA Attack Leverages Microsoft Application Virtualization (App-V) to Deploy Malware
A newly discovered campaign demonstrates a sophisticated approach to delivering information-stealing malware through a combination of social engineering and legitimate Windows components. The attack begins…
Android just got smarter at stopping snatch-and-run phone thefts
Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on…
HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer
The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe.…
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered…
React2Shell Vulnerability CVE-2025-55182 Actively Exploited
Threat actors have been actively exploiting a critical vulnerability in React Server Components, tracked as CVE-2025-55182 and commonly referred to as React2Shell, to compromise systems…