Security researchers at Checkmarx have discovered a new npm supply chain attack that utilizes a typosquatting technique with a malicious package named “jest-fet-mock,” which targets development environments and employs Ethereum smart contracts for command-and-control communication.
Okta has resolved a significant authentication bypass vulnerability that allowed unauthorized access to user accounts with long usernames, highlighting the need for robust security measures in authentication services.
A ransomware attack by the Rhysida group compromised the personal and financial data of approximately 500,000 residents and city employees in Columbus, Ohio, raising significant concerns about municipal cybersecurity vulnerabilities.
The pro-Russian hacking group NoName057(16) has claimed responsibility for a series of DDoS attacks on multiple local government authorities in the UK, motivated by the country’s military support for Ukraine.
A faulty update from CrowdStrike in July 2024 caused significant operational disruptions for Microsoft Windows hosts worldwide, affecting millions of users and leading to lawsuits from Delta Air Lines and New York State Comptroller Thomas P DiNapoli.
Researchers from Google’s Project Zero and Google DeepMind have identified a zero-day memory-safety vulnerability in SQLite, marking a significant advancement in AI-assisted vulnerability research.
