Security experts have recently found malicious packages hidden in both PyPI and npm, two of the most popular open-source ecosystems. These cases highlight how attackers are targeting developers by abusing dependencies, phishing maintainers, and using social engineering tricks. In the PyPI case, the problem came from two packages called termncolor and colorinal. The package termncolor … Continued
A new leak has revealed that OpenAI is working on a cheaper subscription plan for ChatGPT, called ChatGPT Go. Until now, the company only offered the free version and the $20 per month Plus plan, but this new option is expected to cost much less and could make ChatGPT more accessible to a wider audience. … Continued
OpenAI is preparing to launch its own AI-powered web browser, and it’s built on Chromium, the same foundation that powers Google Chrome, Microsoft Edge, and Opera. Unlike traditional browsers, this new one will focus on putting artificial intelligence at the center of the experience, giving users a chat-style interface and AI agents that can perform … Continued
A Russian-linked cybercrime group known as EncryptHub has recently been exposed for using a serious Windows flaw called MSC EvilTwin to deliver malware. Security researchers revealed that the attackers are exploiting the vulnerability, identified as CVE-2025-26633, to spread a data-stealing tool named Fickle Stealer. The vulnerability allows malicious Microsoft Console (.msc) files to run in … Continued
The U.S. Departments of State and Treasury have jointly intensified their crackdown on illicit cryptocurrency networks by targeting Garantex, a Russian-operated exchange accused of serving as a major hub for money laundering by cybercriminals and organized crime groups. Through the Transnational Organized Crime Rewards Program (TOCRP), the U.S. State Department has announced rewards totaling up … Continued
Cisco has issued urgent patches for a critical vulnerability in its Secure Firewall Management Center (FMC) software, rated the highest possible severity (CVSS score: 10.0). If exploited, the flaw could enable remote attackers to run arbitrary code on vulnerable systems. Tracked as CVE-2025-20265, the issue lies in the RADIUS subsystem of FMC. An unauthenticated attacker … Continued
Google has introduced a new policy requiring cryptocurrency apps to hold proper licenses in 15 regions worldwide. This move aims to strengthen user safety and ensure compliance with local laws. The change impacts app developers who want to list or update crypto-related services on Google Play. Without proper authorization, such apps will no longer be … Continued
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in N-able’s N-central software to its Known Exploited Vulnerabilities (KEV) Catalog. This listing confirms that the flaws are being actively targeted by attackers and require urgent attention from organizations using the platform. N-able N-central is a popular remote monitoring and management (RMM) tool … Continued
A new ransomware strain called Charon has been making headlines after targeting organizations in the Middle East. The main victims are from the public sector and aviation industry. What makes this attack more dangerous than usual is that the hackers are using techniques normally seen in nation-state cyber espionage groups. This makes the ransomware much … Continued
Manpower, the international staffing and workforce solutions company, has announced a data breach that may have affected 144,189 people. The company sent formal notifications after completing its investigation, confirming that sensitive personal information might have been accessed by unauthorized parties. The breach involved Manpower and associated staffing operations. It started when staff in Lansing, Michigan, … Continued
