Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

North Korea's Lazarus Group shares its malware with IT work scammers

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools ...

How to keep your money safe from hackers

From what makes a good password to the strongest two-factor authentication methods, here are tips on how to avoid becoming a ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
InfoWorld

VS Code 1.104 emphasizes AI model selection, agent security

The latest update to Microsoft’s code editor previews an automatic model selection capability and improvements to agent ...
Bitdefender

Patch Your Browser! Google Addresses a Newly Exploited Security Flaw in Chrome’s V8 Engine

Google is rolling out updated versions of Chrome to the masses, signaling that attackers are exploiting a newly discovered ...

New Malware Exploits Fake Job Ads to Hit Crypto Wallets on Windows, Mac, Linux

A newly discovered cross-platform malware dubbed ModStealer is slipping past antivirus systems and targeting crypto wallets on Windows, macOS, and Linux, according to researchers at Apple device ...
The Hacker News

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google releases critical Chrome update patching zero-day CVE-2025-10585, discovered Sept 16, to block active V8 JavaScript ...

Chainguard launches trusted collection of verified JavaScript libraries

Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...
SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...

Google patches another worrying Chrome security flaw - so update now, or be at risk

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a user-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500 ...