Bleeping Computer

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. The threat ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
The New York Times

New York Times - Top Stories

Iranian Forces Claim Seizure of 2 Ships After Trump Extends U.S.-Iran Truce Iran said it had attacked and seized two cargo ships near the Strait of Hormuz, state media reported. Both sides were ...
PCGamesN

Minecraft ideas 2026 - tutorials for 37 inspiring creations

Minecraft remains one of the best games of all time over a decade on from its release, but spending such a long time in one game could lead to you running out of ideas. We've been there: you've ...
Infosecurity-magazine.com

Infosecurity Magazine

Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users Subscribe to our weekly newsletter for the latest in industry ...