npm ‘accidentally’ removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the real Stylus library and replaced them with a “security holding” page, breaking pipelines and builds worldwide that rely on the…
Category: Bleeping Computer
CISA warns of hackers exploiting SysAid vulnerabilities in attacks
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. The two…
Ukraine arrests suspected admin of XSS Russian hacking forum
The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office. XSS.is…
How to harden your Active Directory against Kerberoasting
Kerberoasting is a common attack targeting Microsoft Active Directory, enabling attackers to compromise service accounts with low risk of detection. Because it manipulates legitimate accounts,…
ChatGPT is rolling out ‘personality’ toggles to become your assistant
OpenAI is rolling out a new “personality” feature on the ChatGPT web app. This allows you to choose between multiple personalities, such as “Robot.” ChatGPT…
Proton launches privacy-respecting encrypted AI assistant Lumo
Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn’t use their prompts for…
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee’s password for a hacker…
US nuclear weapons agency hacked in Microsoft SharePoint attacks
Unknown threat actors have breached the National Nuclear Security Administration’s network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a…
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This…
US nuclear weapons agency reportedly hacked in SharePoint attacks
Unknown threat actors have reportedly breached the National Nuclear Security Administration’s network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is…
OpenAI confirms ChatGPT’s new study feature, helps with exams
BleepingComputer previously reported that OpenAI is testing a new ‘Study together’ feature, and today, a new announcement within the ChatGPT web app confirms it. This…
OpenAI prepares Sora 2 to take on Google’s Veo 3
OpenAI has had enough of Google’s Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. As spotted…