Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.
The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.
The list of affected

Headline

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

The Hacker News: Latest News