5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

How to keep your money safe from hackers

From what makes a good password to the strongest two-factor authentication methods, here are tips on how to avoid becoming a ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

Explore emerging attack methods, evolving AI-driven threats, supply chain risks, and strategies to strengthen defenses and ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

North Korea's Lazarus Group shares its malware with IT work scammers

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools ...
GCN

Google fixes Chrome zero-day CVE-2025-10585

Google patches CVE-2025-10585, the sixth Chrome zero-day exploited in 2025, affecting V8 JavaScript engine with type ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Bitdefender

Patch Your Browser! Google Addresses a Newly Exploited Security Flaw in Chrome’s V8 Engine

Google is rolling out updated versions of Chrome to the masses, signaling that attackers are exploiting a newly discovered ...

Undetectable Malware Targeting Crypto Wallet Data Of Job Seekers: Report

An infostealer particularly focused on stealing cryptocurrency wallet data from macOS, Windows and Linux users has been ...

Google patches another worrying Chrome security flaw - so update now, or be at risk

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a user-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500 ...

Chainguard launches trusted collection of verified JavaScript libraries

Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...