One line of malicious npm code led to massive Postmark email heist

It appears, however, that the developer took the legitimate code from the Postmark MCP server's GitHub repository, added the line of code to BCC all emails to "phan@giftshop [.]club", and published it ...
The Hacker News

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

"Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious ...
The Hacker News

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, 2025.
Infosecurity Magazine

AI-Generated Code Used in Phishing Campaign Blocked by Microsoft

Microsoft Threat Intelligence stopped an AI-driven credential phishing campaign using SVG files disguised as PDFs ...

FBI agent suspended over refusal to 'perp walk' former director

FBI leadership is reportedly in discussions to stage a showy arrest of the bureau's former director next week.

How can I politely tell my boss to stop taking pictures of me for marketing purposes?

An employer generally needs consent to photograph an employee and if it takes place while operating machinery, your employer risks violating your provincial occupational health and safety legislation ...

Wiz chief technologist Ami Luttwak on how AI is transforming cyberattacks

Ami Luttwak, CTO of Wiz, breaks down how AI is changing cybersecurity, why startups shouldn't write a single line of code before thinking about security, and opportunities for upstarts in the industry ...