Red Hot Cyber

Author: Redazione RHC

Supply Chain Wormable? NPM Packages with Self-Propagating Malware Arrive

Security researchers have discovered the compromise of over 180 npm packages, infected with self-propagating malware designed to infect other packages. The campaign, dubbed Shai-Hulud, likely began with the compromise of the @ctrl/tinycolor package, which is downloaded over 2 million times a week. The name Shai-Hulud comes from the shai-hulud.yaml files used by the malware, a reference to the giant sandworms of Frank Herbert’s Dune. The issue was first brought to public attention by developer Daniel Pereira, who alerted the community to a large-scale supply chain attack. “Right now, as you read this, malware is being distributed

The KING of RaidForums remains in limbo. The battle between the US and Portugal over his extradition continues.

The High Court in London has overturned the decision to extradite Portuguese citizen Diogo Santos Coelho to the United States. The young man, known by the pseudonym Omnipotent, was the administrator of one of the largest hacker forums, RaidForums. The story begins in January 2022, when Coelho travels to the United Kingdom to visit his mother. There, he is arrested. Since then, he has been in limbo for more than three years: two countries are fighting over his extradition. The United States is seeking Coelho’s extradition for crimes related to his management of RaidForums. Portugal has sent its own order, citing the

Italy under DDoS attack by pro-Russian NoName057(16)? Few disruptions.

The hackers of NoName057(16) have recently resumed their hostile activities against several Italian targets, using Distributed Denial-of-Service (DDoS) attacks. Based on what we observed, Italian infrastructure has been hardened, and the duration of service interruptions has decreased significantly compared to two years ago, almost to zero, thanks to the implementation of anti-DDoS measures and growing awareness of what such attacks inevitably entail. The following are the targets claimed today by the hacktivist group: NoName057(16) is a hacker group that declared its support for the Russian Federation in March 2022. They have claimed responsibility for cyberattacks on countries such as Ukraine,

Google Chrome: Urgent patch for exploited 0day. Critical vulnerabilities fixed.

Google has taken immediate security action for Chrome users worldwide, fixing four critical vulnerabilities, one of which, a zero-day, is currently being actively exploited. Users are therefore urged to update their browsers without delay to prevent potential attacks. The most concerning vulnerability in this update is a type confusion flaw in Chrome’s V8 JavaScript engine, tracked as CVE-2025-10585. It was discovered and reported on September 16, 2025, by Google’s Threat Analysis Group. The company has confirmed that this vulnerability has already been exploited in real-world attacks. This type of

Phishing with style! Cybercriminals attach superhero GIFs to malware.

F6 analysts have published a study on a new phishing campaign active since spring 2025. The group, dubbed ComicForm, sent emails with malicious attachments to Russian, Belarusian, and Kazakh companies in the industrial, financial, tourism, biotechnology, and other sectors. The first recorded email, with the subject “Signature Verification Report”, was sent on June 3, 2025. The attachment was an archive holding an executable file that started a multi-stage infection chain. During activation, an obfuscated .NET loader, the MechMatrix Pro.dll module, and the Montero.dll dropper were downloaded. The latter remained on the system, added itself to the Windows Defender exclusions, injected the payload into

Azure Functions in the Spotlight: Legitimate Libraries Used for DLL Sideloading

A malicious ISO image named Servicenow-BNM-Verify.iso has been identified on VirusTotal, reportedly uploaded from Malaysia, with virtually no detections. The image contains four files, two visible and two hidden, suggesting packaging designed to defeat superficial analysis. Among the visible files, a Windows shortcut named servicenow-bnm-verify.lnk runs PanGpHip.exe, a legitimate executable produced by Palo Alto Networks. Although the shortcut’s target path points to a directory that does not exist on victim machines, the LNK file correctly resolves to its own directory, ensuring that PanGpHip.exe runs every time the ISO is mounted. DLL sideloading is a technique used by attackers in which

Linux Hit by Sindoor Dropper: Highly Obfuscated Infection Chain

Linux systems are being targeted by a recent malware campaign, known as “Sindoor Dropper,” which uses advanced spear-phishing techniques and a complex infection process. Victims are tricked into launching malicious files with lures related to the recent conflict between Pakistan and India, known as Operation Sindoor. According to Nextron’s analysis, once executed, the dropper opens a benign PDF to maintain the illusion of legitimacy, while silently launching a complex and heavily obfuscated infection process in the background. This process is designed to evade both static and dynamic analysis: the initial payload, at the time of its discovery, had no detections

A manifesto after 72 hours! Will cybercriminals really retreat?

Fifteen of the most notorious cybercriminal groups, including Scattered Spider, ShinyHunters, and Lapsus$, have announced their closure. Their collective statement, published on BreachForums, is the most explicit message from the underground in recent years. The groups emphasized that their goal was less about extortion than about demonstrating the weaknesses of digital systems. Now, however, they have declared that they prefer “silence” to public attacks. The document, published under several pseudonyms of well-known hackers, claims that the decision was made after three days of silence, which the participants spent with their families and reviewing their plans in the event of persecution. They said they

Incitement to Suicide and OpenAI. New Security Measures Introduced for ChatGPT

OpenAI has announced new security measures for ChatGPT following a series of tragic stories and lawsuits accusing the chatbot of involvement in teen suicides. The system will now attempt to determine the age of the person it is chatting with and, if necessary, request ID to confirm the user is over 18. The company acknowledged that this limits the privacy of adults, but deemed the tradeoff justified for security reasons. OpenAI CEO Sam Altman said he did not expect unanimous approval for these measures, but considered them necessary amid growing conflict over artificial intelligence regulation. This decision was influenced by a series of high-profile

Next Cybersecurity: Fight AI with Artificial Intelligence

The Artificial Intelligence Security Governance Forum was held in Kunming, Yunnan Province, southwestern China, as part of National Cybersecurity Publicity Week 2025. The event offered an opportunity to discuss the risks and challenges associated with AI, governance measures, and developments in the security of applications and algorithms. Researchers, technicians, and representatives from various sectors shared experiences and practical results, highlighting how AI is transforming numerous fields, including cybersecurity. At the security fair, technicians emphasized how large companies are now exposed to a wide range of cyber attacks. The threats range from the more common, such as web application attacks, to more