Malicious NPM Packages Compromise Sensitive Data Across Multiple Platforms Background and Context The discovery of ten malicious packages in the Node Package Manager (npm) registry highlights ongoing security vulnerabilities within software development environments. NPM, a vital component for JavaScript developers, facilitates the sharing and utilization of code libraries. However, its popularity also makes it a…
Critical Security Vulnerabilities Target Dassault Systèmes and XWiki Introduction to Recent Exploits Active exploitation of security flaws in Dassault Systèmes DELMIA Apriso and XWiki has come into focus following alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity firm VulnCheck. These vulnerabilities pose significant risks to organizations using these platforms, highlighting a…
BiDi Swap: How Bidirectional Unicode Is Being Used to Make Fake URLs Appear Legitimate What the BiDi Swap trick is and why it matters Security researchers at Varonis have documented a renewed phishing technique they call “BiDi Swap,” in which attackers abuse Unicode bidirectional (BiDi) control characters to make malicious URLs display as if they…
Qilin Ransomware Deploys Linux Payloads and BYOVD Tactics in Hybrid Attacks Overview and key facts Security researchers have observed the Qilin ransomware operation — also tracked under the names Agenda, Gold Feather and Water Galura — using a hybrid attack approach that pairs a Linux-capable payload with a BYOVD (Bring Your Own Vulnerable Driver) exploitation…
CoPhish: Copilot Studio Agents Used to Steal OAuth Tokens via Trusted Microsoft Domains Overview Security researchers have identified a new phishing technique named “CoPhish” that leverages Microsoft Copilot Studio agents to deliver fraudulent OAuth consent prompts via legitimate Microsoft domains. The campaign uses the trust provided by Microsoft-owned infrastructure to present users with what appear…
194,000+ Domains Tied to Global Smishing Campaign, Unit 42 Warns Summary of the Finding Palo Alto Networks Unit 42 has attributed more than 194,000 malicious domains to a large-scale, ongoing smishing campaign that has been active since January 1, 2024. The campaign, as reported by the security vendor, targets a wide range of services and…
Toys “R” Us Canada confirms customer records stolen and later leaked — what organizations and customers should do next Summary of the incident Toys “R” Us Canada has notified customers that threat actors leaked customer records they had previously stolen from the retailer’s systems. The company’s breach notification, shared with affected customers, indicates an incident…
Critical Adobe Commerce/Magento Vulnerability Exploited in Over 250 Attack Attempts What happened Security researchers at e-commerce protection firm Sansec reported that threat actors have begun actively exploiting a recently disclosed vulnerability affecting Adobe Commerce and Magento Open Source. The flaw is tracked as CVE-2025-54236 and carries a CVSS score of 9.1. Sansec recorded more than…
TP-Link Fixes Four Omada Gateway Vulnerabilities, Two Allow Arbitrary Code Execution What the update fixes TP-Link has released security updates addressing four vulnerabilities in its Omada gateway devices, including two critical flaws that can lead to arbitrary code execution. One of the flaws has been publicly identified as CVE-2025-6541 (CVSS 8.6), an operating system command…
DNS0.EU Public DNS Service Shuts Down Citing Sustainability Constraints What happened DNS0.EU, a non-profit public DNS resolver that served primarily European users, announced an immediate shutdown, attributing the decision to time and resource constraints. The project’s operators said they were unable to continue running the service under current conditions and ceased operations with immediate effect.…