News
Cybersecurity News Today
Live cybersecurity coverage — new vulnerabilities, active threats, breaches, and the fixes that matter, distilled for security and engineering teams.
Security
Four Malicious npm Packages Discovered
Cybersecurity researchers have identified four malicious packages on the npm registry: `chalk-tempalte`, `@deadcode09284814/axios-util`, `axois-utils`, and `color-style-utils`. These packages were designed to steal information from developer systems and have been downloaded thousands of times.
Neeraj Dhiman
Security
Old Virus Secretly Altered Calculations
A newly analyzed computer virus from over 20 years ago, named fast16.sys, reveals an early Stuxnet-style attack. The malware was designed to selectively target high-precision calculation software, subtly altering results in memory. This highlights a long-standing threat of data manipulation in critical systems.
Neeraj Dhiman
Security
Scammers Impersonate Officials With Fake Facebook Offers
A scam campaign is targeting users in the Middle East and North Africa with fake Facebook offers. Attackers impersonate public figures to promote bogus deals for free internet and financial aid, aiming to steal user data.
Neeraj Dhiman
Security
Is Your Security Strategy Actually Working?
Security leaders suggest CISOs ask tough questions to evaluate their programs. This helps them adapt to new threats and prove the value of their security investments to the business.
Neeraj Dhiman
Security
Sextortionist Sentenced to 33 Years
A Canadian man has been sentenced to 33 years in prison after pleading guilty to an extensive sextortion scheme. Over eight years, he targeted more than 145 children across the United States, with some victims as young as six years old, marking a significant legal outcome.
Neeraj Dhiman
Security
Fake BBC and Guardian Ads on Reddit Push AI Scams
Scammers are buying ads on Reddit that look like posts from the BBC and The Guardian. These ads lead to fake AI investment schemes designed to steal money, using rapidly changing domains to avoid detection by security teams.
Neeraj Dhiman
Security
How To Avoid Common Travel Scams
Booking flights, hotels, and rentals involves sharing sensitive data across multiple platforms, creating opportunities for criminals. Common travel scams and frequent data breaches in the hospitality sector increase the risk. Awareness of these threats is key to protecting information while planning travel.
Neeraj Dhiman
Security
Understanding Security Risks in Containers
The widespread use of Docker containers has streamlined software deployment, but it also introduces security vulnerabilities. Developers frequently use pre-built images from repositories like Docker Hub, which can contain hidden risks, making container-based infrastructure a prime target for cyberattacks.
Neeraj Dhiman
Security
New Service Automates Crypto Wallet Theft
A new Drainer-as-a-Service platform called Lucifer is enabling crypto theft at scale. It uses sophisticated phishing kits and automation to trick users into signing malicious transactions, which then drain their wallets. The service highlights a shift from direct hacking to social engineering in crypto theft.
Neeraj Dhiman
Security
Fraud Is More Than Just Chargebacks
Focusing solely on chargebacks overlooks other costly forms of fraud like false declines, account takeovers, and service abuse. These hidden threats can significantly damage revenue and customer trust, requiring a broader approach to risk management for complete protection and business health.
Neeraj Dhiman
Security
The FBI Built a Fake Town to Practice Hacking
The FBI has opened a 22,000-square-foot replica town in Alabama to simulate cyberattacks on critical infrastructure. This physical-digital training ground helps agents prepare for threats that can cause real-world physical damage.
Neeraj Dhiman
Security
Ubuntu Patches Local Eavesdropping Vulnerability
Ubuntu has released a security update for its 20.04 LTS version, addressing a vulnerability in the xdg-dbus-proxy component. The flaw could allow a local attacker to intercept certain D-Bus messages by exploiting incorrect handling of policy rules. Users are advised to apply the patch promptly.
Neeraj Dhiman
Security
Multiple Security Flaws Found In MediaWiki
Multiple vulnerabilities have been discovered in MediaWiki, the popular open-source wiki software. The flaws could allow attackers to determine if users have two-factor authentication enabled and to view the titles of intentionally hidden log entries, posing a risk to user privacy and site security.
Neeraj Dhiman
Security
Ubuntu 20.04 Flaw Lets Attackers Crash Systems
A security flaw has been found in a core audio library on Ubuntu 20.04 LTS. Attackers could exploit it with a special file to crash applications or potentially run malicious code, requiring an immediate system update.
Neeraj Dhiman
Security
Ubuntu SSSD Flaw Creates Service Disruption
A vulnerability was discovered in Ubuntu's System Security Services Daemon (SSSD). A local attacker can exploit this by sending malformed data to the PAM passkey responder, causing it to crash. This results in a denial of service, preventing users from authenticating on affected systems.
Neeraj Dhiman
Security
Open-source private security camera updated
Secluso, an open-source home security camera system, has been updated. Formerly Privastead, it offers end-to-end encryption using OpenMLS and focuses on user privacy. The system is designed for easy deployment on hardware like the Raspberry Pi, providing a private alternative to commercial IoT solutions.
Neeraj Dhiman
Security
Why Annual Security Tests Fail
Traditional two-week penetration tests leave companies exposed for the other 345 days of the year. Security firm Sprocket Security highlights this gap, arguing that as attack surfaces constantly evolve, businesses must adopt continuous security testing to effectively manage and mitigate real-world risks.
Neeraj Dhiman
Security
Cybersecurity Is Core To Business Resilience
The perception of cybersecurity is shifting. It's no longer just about preventing breaches with tools. Instead, a mature security program is now seen as a key indicator of a company's overall resilience, reflecting its ability to manage risk, control systems, and respond effectively to disruptions.
Neeraj Dhiman
Security
A Perl Library Flaw Makes Passwords Easier to Crack
The Crypt-SaltedHash library for Perl used a weak method to generate random "salts," a key part of password security. This makes the salts predictable, allowing attackers to more easily crack hashed passwords on systems using this library.
Neeraj Dhiman
Security
New OWASP Tool Scans Dependencies Locally
A new OWASP-backed open-source tool called CVE Lite CLI helps developers find security vulnerabilities in their code dependencies. It works locally by scanning JavaScript and TypeScript lockfiles, providing instant feedback so issues can be fixed early in the development process.
Neeraj Dhiman
Security
Ubuntu Patches Flaw That Lets JPEGs Crash Apps
Ubuntu has patched a critical vulnerability in its GDK-PixBuf image library. A specially crafted JPEG file could crash an application, cause a denial of service, or even allow an attacker to execute arbitrary code on affected systems.
Neeraj Dhiman
Security
Critical GDAL Library Vulnerability Discovered
A high-severity vulnerability has been discovered in the Geospatial Data Abstraction Library (GDAL). The flaw, located in its bundled LibTIFF component, could allow an attacker to execute arbitrary code, cause a denial of service, or access sensitive information by using a specially crafted TIFF image file.
Neeraj Dhiman
Security
Chrome and Defender Under Active Attack
Google issued an urgent update for a critical Chrome vulnerability that could allow code execution. Meanwhile, attackers are actively exploiting flaws in Microsoft Defender. Other security news includes scrutiny of child safety on major platforms and new spyware detection tools.
Neeraj Dhiman
Security
Testing Driver Flaws Without Hardware
Security researchers have detailed a method for interacting with and testing Windows kernel-mode drivers without the physical hardware they control. This approach simplifies vulnerability analysis, allowing security teams to evaluate driver exploits that are normally gated by the presence of specific hardware components.
Neeraj Dhiman
Security
Cyber Insurance Now Drives Security
Cyber insurance is no longer just a safety net; it's actively shaping corporate security strategies. Insurers are now requiring organizations to quantify their cyber risk, leading to more rigorous security practices and a clearer understanding of what policies actually cover and what they leave exposed.
Neeraj Dhiman
Security
Schneier Hosts Open Security Discussion
The 'Schneier on Security' blog has published its recurring 'Friday Squid Blogging' post. While ostensibly about marine life, the post serves as a well-known open thread for the security community to discuss recent news and topics that were not covered on the blog during the week.
Neeraj Dhiman
Security
Hacker Jailed For Oregon Government Hack
A Romanian national has been sentenced to 56 months in federal prison for hacking into an Oregon state government computer network. The attacks also targeted dozens of other U.S. victims, highlighting the serious legal consequences of cybercrime and successful international law enforcement cooperation.
Neeraj Dhiman
Security
Over Half of CISOs Would Pay Ransom
A new survey commissioned by Absolute Software reveals a significant trend in ransomware response. It found that 58% of Chief Information Security Officers (CISOs) say their organization would pay a ransom to recover data, highlighting a major shift in incident response strategy.
Neeraj Dhiman
Security
Security Flaw in Ubuntu Papers App
A remote code execution vulnerability was found in the Papers reference management app on Ubuntu. Attackers can exploit it by tricking users into opening a malicious PDF file, potentially allowing them to run arbitrary code. The flaw stems from how the application handles specific PDF actions.
Neeraj Dhiman
Security
Media File Flaw Puts Legacy Ubuntu Servers at Risk
A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.
Neeraj Dhiman
Security
QEMU Flaw Puts Old Ubuntu Systems at Risk
A vulnerability in QEMU's iSCSI driver affects Ubuntu 14.04 LTS. Attackers could use it to crash systems or potentially execute code, posing a risk for users of the outdated operating system.
Neeraj Dhiman
Security
Microsoft Named Leader in Endpoint Protection
For the seventh consecutive time, Microsoft has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Endpoint Protection. The placement highlights the company's strength in the endpoint security market, particularly with its Microsoft Defender product, amid increasingly coordinated and fast-moving cyber threats.
Neeraj Dhiman
Security
NNCP Flaw Allows Remote File Access
A security vulnerability has been found in the NNCP file transfer utility. The flaw allows a remote attacker to bypass directory restrictions and read or write files anywhere on the system. This is a high-severity path traversal issue affecting users of this specific tool.
Neeraj Dhiman
Security
AI 'Power Users' Create Most Risk
A new report from LayerX Security finds that enterprise AI risk is not evenly distributed. A small group of "power users" accounts for the majority of AI-related security exposure, highlighting a visibility gap for many organizations trying to manage their data and security policies effectively.
Neeraj Dhiman
Security
Ruby Fights Hackers by Delaying New Code
Ruby's package manager now lets developers delay installing new code versions for a set period. This 'cooldown' creates a window for the community to find and report malicious packages before they can cause widespread damage.
Neeraj Dhiman
Security
Vulnerability Found in Highlight.js Library
A prototype pollution vulnerability has been discovered in Highlight.js, a widely used syntax highlighting library. The flaw could allow an attacker to cause a denial of service or trigger unexpected application behavior. It affects web applications that use the library for displaying code snippets.
Neeraj Dhiman
Security
Texmaker Vulnerability Allows Code Execution
A security flaw has been discovered in the Texmaker LaTeX editor. The vulnerability stems from how the application handles TIFF image files, allowing a malicious image to cause a denial of service, leak sensitive information, or permit remote code execution on a user's system.
Neeraj Dhiman
Security
Bad Design Is Your Biggest Security Risk
A top university CIO argues that security fails when it's hard to use. He says controls should be invisible to users, and the same principle must apply to new AI agents to keep them secure.
Neeraj Dhiman
Security
Secure JavaScript projects with one command
DepsGuard is a new open-source tool that simplifies securing JavaScript projects. It applies recommended security settings, like package cooldowns and disabling install scripts, across multiple package managers (npm, pnpm, yarn, bun, uv) with a single command, addressing common supply chain vulnerabilities.
Neeraj Dhiman
Security
Your Temporary Passwords Are a Permanent Risk
Temporary passwords for new hires often become permanent security risks. They are sent insecurely and reused, creating a weak link in your company's defenses that attackers can easily exploit.
Neeraj Dhiman