Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @Control/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.
Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps.
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it.
Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links.
Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising.
Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix).
Microsoft says that Word for Windows will soon enable autosave and automatically save all new documents to the cloud by default.
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks.
The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms.