Security News

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
2025-03-26 16:59

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor...

Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
2025-03-26 12:00

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software...

New npm attack poisons local packages with backdoors
2025-03-26 12:00

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
2025-03-26 11:10

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in...

EncryptHub linked to MMC zero-day attacks on Windows systems
2025-03-25 16:51

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. [...]

Browser-in-the-Browser attacks target CS2 players' Steam accounts
2025-03-25 15:52

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...]

AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
2025-03-25 11:00

Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10...

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
2025-03-24 14:01

Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn't always enough. Don't let threats persist in your...

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
2025-03-24 11:35

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
2025-03-23 05:26

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...