Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Canada’s AI strategy is set to fail before it even launches

The Canadian government’s long-awaited and much-needed AI strategy is finally set to be unveiled this week, with AI minister ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Ottawa plans amendments to lawful-access bill amid backlash

Public Safety Minister Gary Anandasangaree is preparing to make several changes to the federal government’s controversial lawful-access bill, including ensuring the addition of protections for ...
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
Moneylife

CBSE's Digital Exam Portal Had a Master Password That Could Unlock Any Examiner's Account — and the Board Knew for 3 Months before Going Public

A 19-year-old cybersecurity enthusiast has raised serious questions about the safety of the Central Board of Secondary ...