[email protected] (The Hacker News)

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

Jun 25, 2025Ravie LakshmananMalware / Open Source Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply…

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

Jun 25, 2025Ravie LakshmananEndpoint Security / IT Management Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30…

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

Jun 24, 2025Ravie LakshmananSocial Media / Privacy The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks…

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Jun 24, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in…

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Jun 24, 2025Ravie LakshmananVulnerability / Malware Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new…

The CTEM Conversation We All Need

Jun 24, 2025Ravie LakshmananThreat Exposure Management I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three…

Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Jun 24, 2025Ravie LakshmananCloud Security / Cryptojacking Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. “Attackers are exploiting misconfigured Docker APIs…

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

Jun 24, 2025Ravie LakshmananData Protection / Mobile Security The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios.…

APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine

Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages…

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Jun 24, 2025Ravie LakshmananCyber Espionage / Chinese Hackers The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt…