Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

'Adversaries are no longer just targeting products, they're targeting the developers who build them': CrowdStrike takes down major botnet targeting developers across …

The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Redmond Magazine

Microsoft Pushes Further Into Linux with Azure Linux 4.0 Rollout

Azure Linux 4.0 expands Microsoft’s Linux strategy for secure AI and server workloads. Azure Container Linux offers hardened, lightweight infrastructure for Azure containers and regulated enterprises.
Microsoft

Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware

Every day, we decide what software to trust in seconds guided by simple labels such as “verified,” “secure,” and “safe to install.” The problem is that those signs can be manipulated. Today, Microsoft ...
TechCrunch

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

Grafana Labs, the maker of its eponymous popular open source web visualization software, confirmed it had been hacked but that it refused to pay the hackers who had threatened to release the company’s ...
MacRumors

Apple Project Files Allegedly Stolen in Foxconn Ransomware Attack

Apple supplier Foxconn has confirmed a cyberattack on several of its U.S. factories, after a ransomware group claimed to have stolen confidential Apple project files as part of the hack. The Nitrogen ...
Cult of Mac

Ransomware gang claims theft of Apple files in Foxconn attack

Foxconn, a critical supplier for major hardware companies including Apple and Nvidia, confirmed Tuesday that a cyberattack struck its North American operations. And the group behind the attack claims ...
Government Technology

FBI: Ransomware Still a Top Threat to Critical Infrastructure

Ransomware continues to pose a serious threat to U.S. critical infrastructure, with more than 2,100 related incidents reported to federal authorities in 2025, according to the latest FBI Internet ...
Fox News

Banking tech data breach exposes 672K in ransomware attack

If you've ever trusted your bank to keep your financial data safe, this incident will hit close to home. A behind-the-scenes tech company used by banks has revealed that more than 672,000 people had ...