A new malware campaign called Shai-Hulud is causing serious trouble for npm users. Security researchers have confirmed that this malware spreads like a worm inside the JavaScript ecosystem. It takes over developer accounts and injects malicious code into popular packages. Because of its scale, it is being seen as one of the biggest recent supply-chain … Continued
Iberia Airlines has informed its customers that a data breach at one of its suppliers has exposed certain customer information. The Spanish flag carrier says unauthorized access to the supplier’s systems compromised the confidentiality of some customer data. The incident highlights how third-party vendors can become weak links in enterprise security. The airline says it … Continued
A serious cybersecurity threat has come to light as attackers are now using the ShadowPad malware to exploit a major flaw in Windows Server Update Services (WSUS). The vulnerability, identified as CVE-2025-59287, allows attackers to run commands on a WSUS server without needing any login. Security researchers have confirmed that this flaw is already being … Continued
Salesforce has announced that it detected unauthorized activity linked to OAuth connections created by applications published by Gainsight. These apps are widely used by Salesforce customers, and the unusual behavior raised concerns that some customer data may have been accessed without approval. Salesforce stressed that the incident is connected to third-party integrations, not to a … Continued
Cybersecurity researchers have identified a new malicious tool called Matrix Push, which abuses browser notifications to run phishing and malware attacks. It turns the normal web-push feature into a method for attackers to reach users directly. The tool makes fake alerts look completely legitimate. Because of this, many people may not realize they are being … Continued
🛡️ Introduction: Bridging the $5 Million Skill Gap Cybersecurity is all about practical skills. Companies want people who can spot threats, secure systems, and respond fast when something goes wrong. With attacks increasing and everything moving online, knowing the right cybersecurity skills has become more important than ever. Cybersecurity is facing a massive $5 million … Continued
CTM360 has uncovered a large global campaign designed to hijack WhatsApp accounts, known as HackOnChat. The operation uses fake login portals and malicious pages that look identical to official WhatsApp services. These pages trick users into giving attackers access. The goal is to steal active sessions and verification keys. Attackers rely on two main tactics: … Continued
Iran-linked hackers carried out a detailed digital reconnaissance on a commercial ship just days before a real-world missile strike attempt. Security researchers revealed that these hackers mapped the vessel’s AIS data and even accessed its onboard cameras. This activity happened shortly before the physical attack. Experts say the timing shows the cyber actions were connected … Continued
A man from Irvine, California has admitted to laundering millions connected to a massive $230 million cryptocurrency theft. He pleaded guilty to handling at least $25 million of the stolen funds. The theft ranks among the biggest single-victim crypto heists in the United States. Authorities say he played a key role in helping the group … Continued
A major cyber-espionage campaign called Operation “WrtHug” has been uncovered, targeting thousands of ASUS home and small-office routers. Security researchers say the operation is linked to China-based threat actors. The attackers quietly took control of these routers without alerting owners, and experts warn that this campaign is both global and highly sophisticated. The attackers mainly … Continued
