North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded…
Category: Bleeping Computer
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded…
Windows 11 KB5053598 & KB5053602 cumulative updates released
Microsoft has released Windows 11 KB5053598 and KB5053602 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. Today’s updates are mandatory as they contain the March…
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in “extremely sophisticated” attacks. The vulnerability is tracked as…
Windows 10 KB5053606 update fixes broken SSH connections
Microsoft has released the KB5053606 cumulative update for Windows 10 22H2 and Windows 10 21H2, which fixes numerous bugs, including one preventing SSH connections. The…
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes three…
MassJacker malware uses 778,000 wallets to steal cryptocurrency
A newly discovered clipboard hijacking operation dubbed ‘MassJacker’ uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. According to CyberArk,…
Microsoft replacing Remote Desktop app with Windows App in May
Microsoft announced that it will drop support for the Remote Desktop app (available via the Microsoft Store) on May 27 and replace it with its…
The AI race: Dark AI is in the lead, but good AI is catching up
Cybercriminals are using AI for help in planning and conducting cyberattacks—but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered…
Critical PHP RCE vulnerability mass exploited in new attacks
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577,…
PowerSchool previously hacked in August, months before data breach
PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier,…
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. The three flaws (CVE-2024-13159,…