Cyber Security

Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a …

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised …

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. Aruba Instant On …

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. …

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over …

GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. As spotted on X, OpenAI is testing a model called …

AI companies could soon disrupt the education market with their new AI-based learning tools for students. BleepingComputer recently reported that OpenAI is working on a Study Together feature for ChatGPT. …

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement …