Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),

The Hacker News
Open in Source
#web#mac#google#microsoft#nodejs#git#java#auth#The Hacker News
Attackers Use Phony GitHub Pages to Deliver Mac Malware

Threat actors are using a large-scale SEO poisoning campaign and fake GitHub repositories to deliver Atomic infostealers to Mac users.

Bitcoin continues to increase its institutional popularity 

Not long ago, the mere idea that cryptocurrencies could ever be integrated into mainstream finance would have seemed…

Beware of Zelle transfer scams

Zelle scams are back, or perhaps they never went away. Here's what to look out for.

ChatGPT solves CAPTCHAs if you tell it they’re fake

Researchers have convinced ChatGPT to solve CAPTCHAs, even though it's against its policy.

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach. This week’s recap explores the trends driving that constant churn: how threat

How to Gain Control of AI Agents and Non-Human Identities

We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?” Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks

A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster

The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers.

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware," researchers Alex Cox, Mike Kosak, and