CSO Online

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...

A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'

A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub ...
Techzine Europe

CodeBreach enables takeover of AWS GitHub repositories

Wiz discovered a critical vulnerability in AWS CodeBuild that allowed attackers to access core AWS repositories, including ...
GovInfoSecurity

Cryptohack Roundup: UK Crypto Firms Tied to Iran Sanctions

This week, U.K. crypto exchanges linked to Iranian sanctions evasion, NodeCordRAT malware spread via npm, an FBI alert on ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...
Cryptopolitan on MSN

Morpho winds down Discord server to read-only mode DeFi fight scams

The Morpho decentralized lending protocol has announced its Discord channel will change to a “read-only” mode, joining ...