Open Source Poisoned Patches Infect Local Software darkreadingNate Nelson, Contributing Writer
April 10, 2025

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs. Malicious packages lurking on open …


China-based SMS Phishing Triad Pivots to Banks Krebs on SecurityBrianKrebs
April 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated …


Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes The Hacker [email protected] (The Hacker News)
April 10, 2025

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at …


Why Data Privacy Isn’t the Same as Data Security darkreadingChris Borkenhagen
April 10, 2025

Failing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight. Failing to distinguish between data privacy …


Threat Actors Use ‘Spam Bombing’ Technique to Hide Malicious Motives darkreadingAlexander Culafi, Senior News Writer, Dark Reading
April 10, 2025

Darktrace researchers detailed "spam bombing," a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns. Darktrace researchers detailed "spam bombing," a …


Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses The Hacker [email protected] (The Hacker News)
April 10, 2025

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what's seen …


CISA Releases Ten Industrial Control Systems Advisories AlertsCISA
April 10, 2025

CISA released ten Industrial Control Systems (ICS) advisories on April 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-100-01 Siemens License Server ICSA-25-100-02 Siemens …


PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party The Hacker [email protected] (The Hacker News)
April 10, 2025

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking …


The Identities Behind AI Agents: A Deep Dive Into AI & NHI The Hacker [email protected] (The Hacker News)
April 10, 2025

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis …


Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine The Hacker [email protected] (The Hacker News)
April 10, 2025

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an …