5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

How to keep your money safe from hackers

From what makes a good password to the strongest two-factor authentication methods, here are tips on how to avoid becoming a ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

Explore emerging attack methods, evolving AI-driven threats, supply chain risks, and strategies to strengthen defenses and ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

North Korea's Lazarus Group shares its malware with IT work scammers

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Bitdefender

Patch Your Browser! Google Addresses a Newly Exploited Security Flaw in Chrome’s V8 Engine

Google is rolling out updated versions of Chrome to the masses, signaling that attackers are exploiting a newly discovered ...
GCN

Google fixes Chrome zero-day CVE-2025-10585

Google patches CVE-2025-10585, the sixth Chrome zero-day exploited in 2025, affecting V8 JavaScript engine with type ...
InfoWorld

VS Code 1.104 emphasizes AI model selection, agent security

The latest update to Microsoft’s code editor previews an automatic model selection capability and improvements to agent security.

Undetectable Malware Targeting Crypto Wallet Data Of Job Seekers: Report

An infostealer particularly focused on stealing cryptocurrency wallet data from macOS, Windows and Linux users has been ...

Google patches another worrying Chrome security flaw - so update now, or be at risk

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a user-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500 ...