phishing – Page 3 – Experimental News Clipping Site

Krebs on Security: Self-Replicating Worm Hits 180+ Software Packages

Sep 16, 2025

—

by

Source URL: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ Source: Krebs on Security Title: Self-Replicating Worm Hits 180+ Software Packages Feedly Summary: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages…

Bulletins: Vulnerability Summary for the Week of September 8, 2025

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-258 Source: Bulletins Title: Vulnerability Summary for the Week of September 8, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Acrobat Reader Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the…

The Register: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/16/filefix_attacks_facebook_security_alert/ Source: The Register Title: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers Feedly Summary: Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.……

The Cloudflare Blog: Integrating CrowdStrike Falcon Fusion SOAR with Cloudflare’s SASE platform

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/integrating-crowdstrike-falcon-fusion-soar-with-cloudflares-sase-platform/ Source: The Cloudflare Blog Title: Integrating CrowdStrike Falcon Fusion SOAR with Cloudflare’s SASE platform Feedly Summary: Cloudflare and CrowdStrike have partnered to help SOC teams minimize manual bottlenecks. By combining Cloudflare’s SASE platform with CrowdStrike’s Falcon® Fusion SOAR, security teams can now detect AI Summary and Description: Yes Summary: The text discusses…

Schneier on Security: A Cyberattack Victim Notification Framework

Sep 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/09/a-cyberattack-victim-notification-framework.html Source: Schneier on Security Title: A Cyberattack Victim Notification Framework Feedly Summary: Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do…

The Register: Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Sep 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/11/voidproxy_phishing_service/ Source: The Register Title: Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand Feedly Summary: Okta uncovers new phishing-as-a-service operation with ‘multiple entities’ falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations’ Microsoft and Google accounts have successfully stolen users’ credentials, multi-factor authentication codes, and session tokens…

Krebs on Security: 18 Popular Code Packages Hacked, Rigged to Steal Crypto

Sep 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/ Source: Krebs on Security Title: 18 Popular Code Packages Hacked, Rigged to Steal Crypto Feedly Summary: At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The…

Slashdot: Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Sep 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack Feedly Summary: AI Summary and Description: Yes Summary: The text reports on a significant supply chain attack that has compromised NPM packages, leading to malware injection into widely downloaded packages. This incident is notable for its…

Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…

Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…

Tag: phishing