Malicious npm packages target Ethereum developers' private keys

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...]

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/

 US sanctions Chinese company linked to Flax Typhoon hackers

​The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-company-linked-to-flax-typhoon-hackers/

 Bad Tenable plugin updates take down Nessus agents worldwide

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [...]

https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/

 New FireScam Android malware poses as RuStore app to steal data

A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia's app market for mobile devices. [...]

https://www.bleepingcomputer.com/news/security/new-firescam-android-malware-poses-as-rustore-app-to-steal-data/

 Google Chrome is making it easier to share specific parts of long PDFs

Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-making-it-easier-to-share-specific-parts-of-long-pdfs/

 Nuclei flaw bypasses template signature checks to execute commands

A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...]

https://www.bleepingcomputer.com/news/security/nuclei-flaw-bypasses-template-signature-checks-to-execute-commands/

 Cryptocurrency wallet drainers stole $494 million in 2024

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...]

https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/

 Windows 10 users urged to upgrade to avoid "security fiasco"

​Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-upgrade-to-avoid-security-fiasco/

 Microsoft may have scrapped Windows 11's dynamic wallpapers feature

Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-have-scrapped-windows-11s-dynamic-wallpapers-feature/

 Microsoft Bing shows misleading Google-like page for 'Google' searches

Microsoft Bing is displaying what is being categorized as a misleading Google-esque search page when users search for Google, making it look you are on the competing search engine. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-bing-shows-misleading-google-like-page-for-google-searches/

 Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs

New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. [...]

https://www.bleepingcomputer.com/news/security/eagerbee-backdoor-deployed-against-middle-eastern-govt-orgs-isps/

 Chinese hackers also breached Charter and Windstream networks

​More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. [...]

https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/

 Vulnerable Moxa devices expose industrial networks to attacks

Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. [...]

https://www.bleepingcomputer.com/news/security/vulnerable-moxa-devices-expose-industrial-networks-to-attacks/

 CISA says recent government hack limited to US Treasury

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. [...]

https://www.bleepingcomputer.com/news/security/cisa-says-recent-government-hack-limited-to-us-treasury/

 Green Bay Packers' online store hacked to steal credit cards

The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. [...]

https://www.bleepingcomputer.com/news/security/green-bay-packers-online-store-hacked-to-steal-credit-cards/

 Malicious Browser Extensions are the Next Frontier for Identity Attacks

A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. [...]

https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-are-the-next-frontier-for-identity-attacks/

 Telegram hands over data on thousands of users to US law enforcement

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]

https://www.bleepingcomputer.com/news/legal/telegram-hands-over-data-on-thousands-of-users-to-us-law-enforcement/

 UN aviation agency investigating 'potential' security breach

​On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...]

https://www.bleepingcomputer.com/news/security/un-aviation-agency-investigating-potential-security-breach/

 Washington state sues T-Mobile over 2021 data breach security failures

Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...]

https://www.bleepingcomputer.com/news/legal/washington-state-sues-t-mobile-over-2021-data-breach-security-failures/

 CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-oracle-mitel-flaws-exploited-in-attacks/

 BIOS flaws expose iSeq DNA sequencers to bootkit attacks

BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. [...]

https://www.bleepingcomputer.com/news/security/bios-flaws-expose-iseq-dna-sequencers-to-bootkit-attacks/