Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: malicious

Tinycolor supply chain attack post-mortem

A malicious GitHub Actions workflow was pushed to a shared repo and exfiltrated an npm token with broad publish rights. The attacker then used that token to publish malicious versions of 20 packages, including @ctrl/tinycolor. My GitHub account and the @ctrl/tinycolor repository were not directly compromised. There was no phishing involved, and no malicious packages were installed on my machine and I already use pnpm to avoid unapproved postinstall scripts. There was no pull request involved becau

Microsoft adds malicious link warnings to Teams private chats

Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. Microsoft will introduce these new warnings for messages containing URLs that have been flagged as spam, phishing, or malware, for all Microsoft Defender for Office 365 (MDO) and Microsoft Teams enterprise customers. The new link protection feature will begin rolling out with a public preview for desktop, Android, web, and iOS users in September 2025 and is

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it. The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure and compromised multiple highly popular NPM packages, among them chalk and debug-js, that cumulatively have more than 2.6 billion weekly downloads. After gaining access to Junon’s account, the attackers pushed maliciou

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by GitGuardian researchers, who report that the first signs of compromise on one of the impacted projects, FastUUID, became evident on September 2, 2025. The attack involved leveraging compromised maintainer accounts to perform commits that added a malicious GitHub Actions workflow file that triggers automat

6 browser-based attacks all security teams should be ready for in 2025

What security teams need to know about the browser-based attack techniques that are the leading cause of breaches in 2025. “The browser is the new battleground.” “The browser is the new endpoint”. These are statements you’ll run into time and again as you read articles on websites like this one. But what does this actually mean from a security perspective? In this article, we’ll explore what security teams are trying to stop attackers from doing in the browser, breaking down what a “browser-b

Threat actors abuse X’s Grok AI to spread malicious links

Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. As discovered by Guardio Labs' researcher Nati Tal, malvertisers often run sketchy video ads containing adult content baits and avoid including a link to the main body to avoid being blocked by X. Instead, they hide it in the small "From:" metadata field under the video card, which apparently isn't scanned by the social media platform for mal

Why you should delete your browser extensions right now - or do this to stay safe

ZDNET's key takeaways: Malicious browser extensions are a widespread problem. Even vetted extensions can be dangerous. Here's what you should do to avoid issues. Koi Security investigated a single malicious extension used as a color picker and found it had infected 2.3 million users on Chrome and Edge. Cybernews reported in 2024 that more than 350 million people downloaded insecure browsers during a two-year

How RubyGems.org protects OSS infrastructure

By Marty Haught. Recently, Socket.dev published research highlighting malicious gems designed to steal social media credentials. We wanted to use this as an opportunity to share more about how RubyGems.org security operates, how we proactively handled this incident (and others), and the work our team is doing each day to keep the ecosystem safe. How We Detect Malicious Gems: RubyGems.org security uses a proactive and multi-layered approach: 1. Automated detection: Every gem upload is analyzed

Malicious Android apps with 19M installs removed from Google Play

Seventy-seven malicious Android apps with more than 19 million installs were delivering multiple malware families to Google Play users. This malware infiltration was discovered by Zscaler's ThreatLabs team while investigating a new infection wave with Anatsa (Tea Bot) banking trojan targeting Android devices. While most of the malicious apps (over 66%) included adware components, the most common Android malware was Joker, which researchers encountered in almost 25% of the analyzed apps. Once

LLMs and coding agents are a security nightmare

Last October, I wrote an essay called “When it comes to security, LLMs are like Swiss cheese — and that’s going to cause huge problems” warning that “The more people use LLMs, the more trouble we are going to be in”. Until last week, when I went to Black Hat Las Vegas, I had no earthly idea how serious the problems were. There, I got to know Nathan Hamiel, a Senior Director of Research at Kudelski Security and the AI, ML, and Data Science track lead for Black Hat, and also sat in on a talk by tw

DoubleAgents: Fine-Tuning LLMs for Covert Malicious Tool Calls

Justin Albrethsen · Aug 1, 2025. Large Language Models (LLMs) are evolving beyond simple chatbots. Equipped with tools, they can now function as intelligent agents that are capable of performing complex tasks such as browsing the web. However, with this ability comes a major challenge: trust. How can we verify the integri

60 malicious Ruby gems downloaded 275,000 times steal credentials

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. The malicious Ruby gems were discovered by Socket, which reports they targeted primarily South Korean users of automation tools for Instagram, TikTok, Twitter/X, Telegram, Naver, WordPress, and Kakao. RubyGems is the official package manager for the Ruby programming language, enabling the distribution, installation, and management of Ruby librari

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computer. Two malicious NPM packages currently available in the registry target WhatsApp developers with destructive data-wiping code. The packages, discovered by researchers at Socket, masquerade as WhatsApp socket libraries and were downloaded over 1,100 times since their publication last month. Despite Socket having fil

Wave of 150 crypto-draining extensions hits Firefox add-on store

A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. The campaign, discovered and documented by Koi Security, impersonates cryptocurrency wallet extensions from well-known platforms such as MetaMask, TronLink, and Rabby. These extensions are uploaded in a benign form initially, to be accepted by Firefox, and accumulate fake positive reviews. At a

Attackers exploit link-wrapping services to steal Microsoft 365 logins

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July. Some email security services include a link wrapping feature that rewrites the URLs in the message to a trusted domain and passes them through a scan

Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds

An inside look at a ClickFix campaign and a real-world attack, its next iteration (FileFix), and how to prevent it in its tracks, before device compromise. ClickFix: Silent Copying to Clipboard. ClickFix, a deceptive social engineering tactic, is used by threat actors to manipulate unsuspecting users into unwittingly allowing a web page to silently populate the clipboard. Ultimately, the attacker is attempting to get a user to (unknowingly) execute malicious code, gathered from the browser and

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. The flaw was discovered and reported to Google by the security firm Tracebit on June 27, with the tech giant releasing a fix in version 0.1.14, which became available on July 25. Gemini CLI, first released on June 25, 2025, is a command-line interface tool developed by Google that enables developers to interact directly with

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims' systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which

Firefox-patch-bin, librewolf-fix-bin AUR packages contain malware

On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR. Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT). The affected malicious packages are: - librewolf-fix-bin - firefox-patch-bin - zen-browser-patched-bin The Arch Linux team addressed the issue as soon as they became aware of the situation. As of to

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets. The use of GitHub gave the malware-as-a-service (MaaS) a reliable and easy-to-use platform that’s greenlit in many enterprise networks that rely on the code repository for the software they develop. GitHub removed the three accounts that hosted the malicious payloads shortly after being notified

Beware! Research shows Gmail’s AI email summaries can be hacked

TL;DR: A researcher recently demonstrated a Gemini flaw that could be exploited to inject malicious instructions while using Gmail’s email summary feature. These instructions were hidden in plain text under the body of the email. Google responded to the research, stating that it had updated its models to identify such prompt engineering measures and block phishing links. Big tech companies have been billing AI as the ubiquitous tool that frees us from munda

Google Gemini flaw hijacks email summaries for phishing

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite similar prompt attacks being reported since 2024 and safeguards being implemented to block misleading responses, the technique

Malicious Chrome extensions with 1.7M installs found on Web Store

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. Most of the add-ons provide the advertised functionality and pose as legitimate tools like color pickers, VPNs, volume boosters, and emoji keyboards. Researchers at Koi Security, a company providing a platform for securing self-provisioned software, discovered the malicious extensions in Chrome Web Store and rep

Dozens of fake wallet add-ons flood Firefox store to drain crypto

More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. Some of the extensions pretend to be wallets from Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero, and include malicious code that sends stolen information to attacker-controlled servers. Researchers at Koi

New FileFix attack runs JScript while bypassing Windows MoTW alerts

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. The technique was devised by security researcher mr.d0x. Last week, the researcher showed how the first FileFix method worked as an alternative to 'ClickFix' attacks by tricking users into pasting a disguised PowerShell command into the File Explorer address bar. The attack involves a phishing page to trick the victim in

WinRAR patches bug letting malware launch from extracted archives

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. The flaw, tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator who reported it through Zero Day Initiative on June 5, 2025. It affects only the Windows version of WinRAR, from version 7.11 and older, and a fix was released in WinRAR versio

SonicWall warns of trojanized NetExtender stealing VPN logins

SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. The fake software, which was discovered by SonicWall's and Microsoft Threat Intelligence (MSTIC) researchers, mimics the legitimate NetExtender v10.3.2.27, the latest available version. The malicious installer file is hosted on a spoofed website that is made to appear authentic, tricking visitors into thinking they are downloading software fro

Cybercriminals use fake GitHub Minecraft mods to target young players

What just happened? Hundreds of GitHub repositories offering Minecraft mods have become the latest battleground in a sophisticated malware campaign, targeting the game's vast and creative player community. At the heart of this operation is the Stargazers Ghost Network, an elaborate cybercriminal infrastructure uncovered by Check Point Research. Unlike typical malware campaigns, Stargazers Ghost Net

CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup

CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors' crypto. On Friday evening, January 20, CoinMarketCap visitors began seeing Web3 popups asking them to connect their wallets to the site. However, when visitors connected their wallets, a malicious script drained cryptocurrency from them. The company later confirmed threat actors utilized a vulnerability in the site's ho