Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
The Hacker News

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Russia-aligned hackers are still exploiting WinRAR CVE-2025-8088 against Ukrainian organizations nearly a year after patches ...

Dashlane Reveals How Attackers Copied Encrypted Vaults In May 31 Incident

After some Dashlane users were locked out of accounts and a limited number of encrypted password vaults were downloaded, the ...
Infosecurity Magazine

North Korean Hackers Use Fake Coding Tasks to Steal Crypto

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...
SecurityWeek

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised. The ...

Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it

The issue centers on a zero-day exploit called "YellowKey," published earlier this month by a security researcher known as Chaotic Eclipse, also known online as Nightmare-Eclipse.
Infosecurity-magazine.com

New SilabRAT Trojan Hijacks Sessions to Steal Crypto

A new remote access trojan sold on dark web forums has been built to drain cryptocurrency, hijacking victims' logged-in sessions to slip past passwords and multi-factor checks. Dubbed SilabRAT, the ...
Morning Overview on MSN

Hackers are now hiding inside the AI coding assistants developers trust the most — a single poisoned config file quietly smuggling stolen keys out of build servers

Sometime in early 2025, a security researcher flagged a configuration file that could do something it was never supposed to: ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...