Red Hot Cyber

Author: Redazione RHC

A new phishing campaign on NPM involves 175 malicious packages.

Attackers are abusing the legitimate npm infrastructure in a new phishing campaign dubbed Beamglea. This time, the malicious packages don’t execute malicious code, but instead exploit the legitimate CDN service unpkg[.]com to show users phishing pages. At the end of September, security researchers at Safety identified 120 npm packages used in such attacks, but now their number has exceeded 175, security firm Socket reports. These packages are designed to attack over 135 organizations in the energy, industrial, and technology sectors. Targets include Algodue, ArcelorMittal, Demag Cranes, D-Link, H2 Systems, Moxa, Piusi, Renishaw, Sasol, Stratasys, and ThyssenKrupp Nucera. The attacks are primarily

Microsoft Patch Tuesday: 175 vulnerabilities fixed and two zero-days exploited

In its latest update, the tech giant fixed 175 vulnerabilities affecting its core products and underlying systems, including two actively exploited zero-day vulnerabilities, the company said in its latest security update. This is the largest set of bugs disclosed by the tech giant this year. The zero-day vulnerabilities, CVE-2025-24990 affecting the Agere Windows Modem Driver and CVE-2025-59230 affecting the Windows Remote Access Connection Manager, both have a CVSS score of 7.8. The Cybersecurity and Infrastructure Security Agency (CISA) added both zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday. Microsoft said the third-party Agere modem driver,

Microsoft warns about uncontrolled use of ‘shadow’ AI in the workplace

While Microsoft actively promotes its Copilot tools for businesses, the company also warns of the dangers of uncontrolled use of “shadow” AI by employees. A new report raises the alarm about the rapid growth of so-called “shadow AI,” where employees use third-party neural networks and bots in their work without the approval of the company’s IT department. According to Microsoft, 71% of UK respondents admitted using AI services for personal use at work without the knowledge of system administrators. Furthermore, more than half continue to do so regularly. This practice covers a wide range of activities: nearly half of employees use unauthorized

12 security bugs discovered in Ivanti Endpoint Manager (EPM). Update now!

Ivanti has published 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could allow remote code execution and privilege escalation. Despite the lack of known exploitation, CVE-2025-9713 stands out among the vulnerabilities as a high-severity path traversal issue with a CVSS score of 8.8, which allows unauthenticated remote attackers to execute arbitrary code if users interact with malicious files. It is classified as CWE-22 (path traversal) and stems from insufficient input validation during the configuration import process, which could allow attackers to upload and execute malicious code on the server. Rounding it all out is CVE-2025-11622, an insecure

A PNG containing a Trojan. Astaroth persistently abuses GitHub.

McAfee researchers have reported new activity by the Astaroth banking trojan, which has started using GitHub as a persistent channel for distributing configuration data. This approach allows attackers to maintain control over infected devices even after the primary command-and-control servers are disabled, significantly increasing the malware’s survivability and making it more difficult to neutralize. The attack begins with a phishing email disguised as a notification from popular services like DocuSign or purporting to contain a candidate’s resume. The body of the email contains a link to download a ZIP archive. Inside is a shortcut file (.lnk) that launches

Satellites targeted! Thousands of phone conversations and text messages intercepted.

Satellite communications links used by government agencies, the military, businesses, and mobile operators have been discovered to be the source of a massive data leak. Researchers at the University of California, San Diego, and the University of Maryland have found that about half of all geostationary satellites transmit information without any protection. Over the course of three years, they intercepted signals using equipment costing no more than $800 and discovered thousands of phone conversations and text messages from T-Mobile users, data from the U.S. and Mexican military, and internal communications from energy and industrial companies. Using a standard satellite dish on

Nanochat: Create your own LLM, train it, and get it running on your PC for $100

Developer Andrej Karpathy has unveiled nanochat, a minimalist, fully open-source version of ChatGPT that can be trained and run on a single computer. Designed as a learning platform for Eureka Labs’ LLM101n course, the project allows users to build their own language model “from scratch to the web interface” without cumbersome dependencies or complex infrastructure. The goal of nanochat is to demonstrate that a basic analog of ChatGPT can be built in a few hours and for about $100. The speedrun.sh script automatically performs all the steps, from tokenization and training to inference and launching a web interface that can

WhatsApp Web in the crosshairs! How the worm that distributes the banking Trojan works

Sophos analysts have discovered a complex malware operation that uses the popular messaging service WhatsApp to spread banking Trojans, targeting Brazilian banks and cryptocurrency exchanges. A self-replicating malware emerged on September 29, 2025, featuring advanced evasion techniques and a complex, multi-stage infection chain designed to bypass current security protections. The attack campaign had a widespread impact, affecting more than 1,000 endpoints across over 400 customer environments, demonstrating the effectiveness and vast reach of the threat. The attack occurs when victims download a malicious ZIP archive via WhatsApp Web from a previously infected contact. The social engineering component is particularly

Goodbye Microsoft Word. China chooses WPS Office for official documents

China continues to pursue technological independence, and this time the signal has come not from microchip manufacturers, but from government officials. For the first time, the Chinese Ministry of Commerce has released official documents that cannot be opened in Microsoft Word. All materials are published exclusively in a format supported by the Chinese office suite WPS Office, developed by Beijing-based Kingsoft. This publication coincided with a new wave of tensions between Beijing and Washington. Last week, China announced the expansion of export controls on rare earths, strategically important materials essential for the production of electronics, weapons, and communications systems. Washington

RMPocalypse: A critical bug in AMD SEV-SNP threatens cloud security.

A critical vulnerability has been identified in the AMD SEV-SNP hardware security architecture, impacting major cloud providers (AWS, Microsoft Azure, and Google Cloud). This flaw allows malicious hypervisors to compromise encrypted virtual machines and gain full access to their memory. The attack, dubbed RMPocalypse, undermines the fundamental confidentiality and integrity guarantees on which the SEV-SNP trusted execution model is based. The research, presented at the ACM CCS 2025 conference in Taipei, details how a vulnerability is exploited during the initialization of SEV-SNP’s key structure, the Reverse Map Table (RMP). This table maps host physical addresses to guest virtual pages