New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.
CoinDesk

Hack at Vercel sends crypto developers scrambling to lock down API keys

Breach tied to compromised AI tool may have exposed credentials used by app frontends, the user-facing layer that connects ...
PCMag

Sorry, No Pornhub Access in 23 States and 3 Countries. How to Watch Anyway

Aylo sites like Pornhub are blocked across the US and in Australia, France, and the UK, in protest of age-verification laws.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Hackers use fake CAPTCHA schemes to put info-stealing viruses on your devices; here’s how to stay safe

If you’ve ever had to log into an online account, you’re likely familiar with a CAPTCHA ID verification box. While normal ...
PCMag on MSN

I ditched password generators and made a better one in Excel. Here's how

Because many password generators aren't as random as they seem, I built an improved one in Excel—and I'll show you exactly ...
CNET

How to Keep Kids Safe Online? Europe Believes Its Age-Verification App Is the Answer

The European Commission's new app is "technically ready and soon available," says President Ursula von der Leyen.