Ionut Arghire

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.

October 30, 2025

Former US Defense Contractor Executive Admits to Selling Exploits to Russia

Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.

October 30, 2025

CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution

The company has built a plug-and-play photonic layer transmission system that encrypts data in transit to prevent interception.

October 29, 2025

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance.

October 29, 2025

Chrome to Turn HTTPS on by Default for Public Sites

Starting October 2026, the browser will ask users if they want to access public websites that do not use secure connections.

October 29, 2025

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities

Two DELMIA Apriso flaws can be chained together to gain privileged access to the application and execute arbitrary code remotely.

October 29, 2025

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions.

October 28, 2025

TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks

A new class of Mirai-based DDoS botnets have been launching massive attacks, but their inability to spoof traffic enables device remediation.

October 28, 2025

Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums

The email addresses were pulled from various sources and 16.4 million of them were not present in previous data breaches.

October 28, 2025

Hackers Target Swedish Power Grid Operator

The hackers stole information from a file transfer solution and the country’s power supply was not affected.

October 28, 2025

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.

October 27, 2025

New Firefox Extensions Required to Disclose Data Collection Practices

All new extensions will be required to declare their data collection practices in their manifest file using a specific key.

October 27, 2025

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.

October 27, 2025

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.

October 27, 2025

Hackers Target Perplexity Comet Browser Users

Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered.

October 24, 2025

North Korean Hackers Aim at European Drone Companies

Lazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft.

October 24, 2025

Toys ‘R’ Us Canada Customer Information Leaked Online

The customer information published on the dark web includes names, addresses, phone numbers, and email addresses.

October 24, 2025

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks

In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews.

October 24, 2025

Russian Government Now Actively Managing Cybercrime Groups: Security Firm

The relationship between the Russian government and cybercriminal groups has evolved from passive tolerance.

October 23, 2025

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature.

October 23, 2025

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

Former US Defense Contractor Executive Admits to Selling Exploits to Russia

CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

Chrome to Turn HTTPS on by Default for Public Sites

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks

Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums

Hackers Target Swedish Power Grid Operator

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

New Firefox Extensions Required to Disclose Data Collection Practices

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

Hackers Target Perplexity Comet Browser Users

North Korean Hackers Aim at European Drone Companies

Toys ‘R’ Us Canada Customer Information Leaked Online

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks

Russian Government Now Actively Managing Cybercrime Groups: Security Firm

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Featured

Artificial Intelligence

Industry Reactions to Claude Fable 5: Feedback Friday

ICS/OT

Iranian Cyber Group Handala Claims Cal Water Hack

Cybercrime

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Incident Response

Alert Fatigue Is Becoming a Security Threat of Its Own

ICS/OT

Siemens Says Desigo CC Files Flagged as Malware by Security Engines

Vulnerabilities

Microsoft Patches Exploited Exchange Server Vulnerability

ICS/OT

Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers

Latest News

Supply Chain Security

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

Artificial Intelligence

Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls

Management & Strategy

In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine

ICS/OT

Iranian Cyber Group Handala Claims Cal Water Hack

Vulnerabilities

Ivanti Sentry Exploitation Attempts Hitting Honeypots

Vulnerabilities

Chrome 149 Update Patches 28 Vulnerabilities

Artificial Intelligence

Anthropic Disputes Fable 5 AI Jailbreak

Daily Briefing Newsletter