Author: [email protected] (The Hacker News)

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload … Read More “Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets  – The Hacker News” »

New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named “sjclark76” on May 7, 2024. The developer describes the … Read More “Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps  – The Hacker News” »

A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, … Read More “Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’  – Krebs on Security” »

Cary, North Carolina, USA, 26th November 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. “This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)  – Read … Read More “Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist  – The Hacker News” »

Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Royal Borough of Kensington and Chelsea and Westminster city council investigate whether data has been compromised At least two London councils have been hit by a cyber-attack and have invoked emergency plans as they investigate whether any data has been compromised. The Royal Borough of Kensington and Chelsea and Westminster City council, which share some … Read More “Two London councils enact emergency plans after being hit by cyber-attack  – Data and computer security | The Guardian” »

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations’ security investments are asymmetrical, robust detection tools paired with an … Read More “When Your $2M Security Detection Fails: Can your SOC Save You?  – The Hacker News” »

The final season of “Stranger Things” is upon us, and 1980s nostalgia is at an all-time high. The clunky control panels at Hawkins Lab help set the stage for the show. The unfortunate reality is that similar legacy systems still exist in operational technology (OT) environments today. Just as Hawkins Lab spawned a monstrous compendium … Read More “‘Stranger Things’ emerge when OT security is stuck in the past  – CyberScoop” »

Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch… The very tools that make your job easier might also be the reason your systems are at risk. These tools … Read More “Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools  – The Hacker News” »

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. “This is the first time that a RomCom payload has been observed being distributed by SocGholish,” Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report. The … Read More “RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware  – The Hacker News” »