JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold out7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold ...

Our '7 Days' weekly tech roundup brings the juiciest announcements. Read about Edge browser handling passwords in plaintext, JDownloader getting hacked, and the TAB key.

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
SecurityWeek

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Tech Wire Asia

Google says hackers are using AI to find zero-days and build malware

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...
Daily Mirror

Kaspersky identifies new SilverFox campaign targeting Indian and Indonesian companies

The APT campaign involved disguising malicious files as documents related to tax violations. Upon infection, the attackers ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...