Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft's June Patch Tuesday fixed a record 206 vulnerabilities, including an actively exploited Windows Defender flaw.
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR  Introduction  At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...
SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.
Techlicious

FTC warns: Fake CAPTCHAs are installing malware

The FTC is warning about fake CAPTCHAs that install malware to steal your passwords and banking credentials. Here's how to ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
MSN on MSN

MacOS users lose crypto as Reaper stealer bypasses Terminal

Reaper malware targets macOS users via Script Editor to steal crypto wallets, browser passwords, and sensitive files.
The Daily Hodl

IBM Warns of New ‘Man-in-the-Browser’ Campaign That Locks Victims Inside Fake Bank Screens and Empties Accounts in Real Time

Tech giant IBM is warning of a new cyberattack campaign that traps banking customers inside fake browser screens while ...

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with ...
The Next Web

Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack

GitHub disabled 73 Microsoft repos after the Miasma worm exploited previously compromised credentials to plant malware targeting AI coding agents.

Stripe and Google Tag Manager abused in new credit card theft scheme

The hackers abused legitimate platforms to run the credit card theft campaign.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...