The Yala protocol has suffered a devastating blow to its ecosystem: on September 14, its Bitcoin-backed stablecoin YU collapsed by nearly 80%—plunging from $1 to $0.20—after attackers exploited a vulnerability in the system. The...
Google has confirmed that a bogus account was created in its Law Enforcement Request System (LERS), the portal used by government agencies to request user data. A company spokesperson said: “We discovered a fake...
Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range...
Twenty-two-year-old American Conor Brian Fitzpatrick, better known by his alias Pompompurin, has received a new sentence in the case concerning the creation and administration of the notorious hacking forum BreachForums. An appellate court overturned...
Apple has released supplemental security updates for older iPhone and iPad models, addressing a zero-day vulnerability previously patched in the latest versions of iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, the flaw stems from...
A dangerous worm dubbed Shai-Hulud has been uncovered in the JavaScript ecosystem, infecting at least 187 packages in the NPM repository. What sets it apart is that it not only steals developer credentials but...
Researchers at Socket have disclosed a new attack against the npm ecosystem, in which more than 40 packages were discovered to be laced with embedded malicious code. The compromise mechanism was meticulously engineered: it...
OpenAI has enabled support for the Model Context Protocol (MCP) in ChatGPT, permitting third-party services such as Gmail, calendars, SharePoint, Notion and other data sources to be integrated. The intent was to enrich the...
In the second quarter of 2025, experts at HP Wolf Security documented a wave of sophisticated attacks in which adversaries employed unconventional living-off-the-land (LOTL) tactics to evade detection. Multiple obscure system utilities were brought...
Experts at Mosyle have uncovered a new strain of malware, named ModStealer, which has proven entirely invisible to antivirus solutions. The program was first uploaded to VirusTotal nearly a month ago without triggering a...
Chinese-language users became the target of a new SEO poisoning campaign that spread malware through counterfeit download sites for popular applications. Fortinet’s FortiGuard Labs reports that threat actors elevated malicious pages in Google results...
The High Court in London has overturned the decision to extradite Portuguese national Diogo Santos Coelho to the United States. The young man, known by the alias Omnipotent, was the administrator of RaidForums, one...
