The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Large-scale Russian attack on Ukraine leaves four dead and dozens injured

A hypersonic missile, which reportedly travels over 10 times the speed of sound, was used, Russia has confirmed.
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Government fails to tell public how to prepare for war almost a year after warning of the threat

Sir Keir Starmer has talked openly about how the armed forces are returning to a war footing - but a lot less has been said ...

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...

Russia uses hypersonic Oreshnik missile in major attack on Kyiv

Dozens were injured and at least two killed in the intense aerial assault that damaged buildings across Ukraine’s capital ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

White supremacist killer Brenton Tarrant fails to overturn guilty pleas for New Zealand mosque attacks

The 35-year-old had argued his initial admissions of guilt over the 2019 Christchurch attacks were provoked by poor mental health due to harsh prison conditions.