Fri.May 09, 2025

article thumbnail

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

The Hacker News

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor.

article thumbnail

This ultraportable LG laptop gives my 15-inch MacBook Air some serious competition

Zero Day

The LG Gram 17 (2025) with Intel's Lunar Lake chip feels like a big upgrade in terms of battery life and staying cool.

129
129
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

The Hacker News

A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors.

IoT 128
article thumbnail

Cybercriminal services target end-of-life routers, FBI warns

Security Affairs

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks or proxy services.

Malware 107
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Google Chrome will use AI to block tech support scam websites

Malwarebytes

Google has expressed plans to use Artificial Intelligence (AI) to stop tech support scams in Chrome. With the launch of Chrome version 137, Google plans to use the on-device Gemini Nano large language model (LLM) to recognize and block tech support scams. Users already have the ability to chose Enhanced Protection under Settings > Privacy and security > Security > Safe Browsing.

Scams 111
article thumbnail

I changed 6 settings on my Roku TV to instantly improve its performance

Zero Day

Below are a few step-by-step ways to clear your Roku cache and speed up the performance in just minutes.

98

LifeWorks

More Trending

article thumbnail

A cyber attack briefly disrupted South African Airways operations

Security Affairs

A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected. South African Airways (SAA) is the national flag carrier of South Africa, the airline is wholly owned by the South African government and has subsidiaries including SAA Technical and Air Chefs. A cyberattack hit South African Airways, briefly disrupting its website, app, and systems.

article thumbnail

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

The Hacker News

Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.

Scams 99
article thumbnail

How to upgrade your 'incompatible' Windows 10 PC to Windows 11 - 2 free options

Zero Day

Microsoft really doesn't want customers to upgrade older PCs, but there are workarounds for many models. Here's everything you need to know.

104
104
article thumbnail

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

The Hacker News

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.

Software 101
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Your password manager is under attack, and this new threat makes it worse: How to defend yourself

Zero Day

Heard of polymorphic browser extensions yet? You will. These savage imposters threaten the very future of credential management. Here's what you need to know - and do.

article thumbnail

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing. Historically, COLDRIVERalso known as Star Blizzard, UNC4057, and Callistohas targeted high-profile individuals and organizations, including NATO governments, NGOs, journalists, and former

Malware 84
article thumbnail

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The Hacker News

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.

Malware 94
article thumbnail

Catching a phish with many faces

We Live Security

Heres a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

The Hacker News

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions.

article thumbnail

If you own an AirTag, you need these accessories to maximize its potential

Zero Day

I found a solution to make AirTags, the best finder tags right now, easier to use despite their awkward UFO-like design.

89
article thumbnail

Beyond Vulnerability Management – Can You CVE What I CVE?

The Hacker News

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets.

85
article thumbnail

This premium Lenovo laptop nearly checks all the boxes for me - including battery life

Zero Day

Lenovo's Yoga 9i 2-in-1 Aura Edition is a solid, long-lasting work machine with a vibrant OLED display.

80
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Mobile security matters: Protecting your phone from text scams

Webroot

It all starts so innocently. You get a text saying Your package couldnt be delivered. Click here to reschedule. Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out for, one little tap on the wrong text could cost you money and peace of mind.

Scams 72
article thumbnail

Here's how to get a free iPhone 16 Pro from T-Mobile with no trade-in required

Zero Day

For the first time, T-Mobile is offering a free iPhone 16 Pro (no trade-in required) when you sign up for their Experience Beyond plan.

Mobile 81
article thumbnail

Atomic Stealer Malware Targets macOS Users with Fake Evernote Crack

Penetration Testing

A new cyberattack is targeting macOS users, with the Atomic Stealer malware being distributed under the guise of The post Atomic Stealer Malware Targets macOS Users with Fake Evernote Crack appeared first on Daily CyberSecurity.

Malware 76
article thumbnail

EcoFlow's new backyard solar energy system starts at $599 - no installation crews or permits needed

Zero Day

The Stream series is a plug-and-play solar energy solution designed for homeowners and renters alike. Place on a balcony, roof, or backyard, and plug into a wall socket.

75
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code

Security Affairs

SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as CVE-2025-32819 (CVSS score of 8.8), is a Post-Authentication SSLVPN user arbitrary file delete vulnerability. “A vulnerability in SMA100 al

article thumbnail

I wore the Whoop 5.0 - it gave me the best of Oura Ring, Apple Watch, and more

Zero Day

The health tracker brand has unveiled several medical-minded features, like ECG and blood pressure monitoring, for its Whoop 5.0 and Whoop MG launch.

82
article thumbnail

Chrome Crashing on Windows, Android, and macOS; iOS Unaffected

Penetration Testing

Since a month ago, users have been reporting abnormal crashes when launching Chromeimmediate crash alerts appear upon startup, The post Chrome Crashing on Windows, Android, and macOS; iOS Unaffected appeared first on Daily CyberSecurity.

article thumbnail

Meet the secret weapon that declutters my desk and cools my laptop in one go

Zero Day

The Belkin Connect Universal USB-C 11-in-1 Pro Dock is $9 off right now, too.

80
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

German Police Shut Down Crypto Laundering Platform eXch, Seize Millions

Penetration Testing

In a significant strike against the financial underpinnings of cybercrime, Germanys Federal Criminal Police Office (BKA) and the The post German Police Shut Down Crypto Laundering Platform eXch, Seize Millions appeared first on Daily CyberSecurity.

article thumbnail

Why smart businesses use AI to offload tasks and supercharge their teams

Zero Day

HR chiefs are boosting productivity by rolling out AI agents to handle the grunt work ('cognitive download'), but they're simultaneously leveling up skills ('cognitive upgrade').

77
article thumbnail

Russia-linked ColdRiver used LostKeys malware in recent attacks

Security Affairs

Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER , in recent attacks to steal files and gather system info. The ColdRiver APT (aka Seaborgium , Callisto, Star Blizzard, TA446) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists an

Malware 63
article thumbnail

I've yet to find a Lenovo laptop that delivers more power, battery, and comfort than this

Zero Day

Lenovo's Yoga 9i 2-in-1 Aura Edition is a solid, long-lasting work machine with a vibrant display.

75
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!