Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/
npm debug and chalk packages compromised
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
Forcing Quirks Mode with PHP Warnings + CSS Exfiltration without Network Requests | XS-Spin Blog
https://blog.arkark.dev/2025/09/08/asisctf-quals
npm | Profile
https://www.npmjs.com/~qix
#malware #npm #supplychain #infosec #appsec #applicationsecurity | Mackenzie Jackson | 115 comments
https://www.linkedin.com/posts/advocatemack_malware-npm-supplychain-activity-7370829639537291264-jxZD/
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
https://www.bleepingcomputer.com/news/security/hackers-steal-3-325-secrets-in-ghostaction-github-supply-chain-attack/
Tenable Confirms Data Breach - Hackers Accessed Customers Contact Details
https://cybersecuritynews.com/tenable-confirms-data-breach/
Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report - SecurityWeek
https://www.securityweek.com/chinese-spies-impersonated-us-lawmaker-to-deliver-malware-to-trade-groups-report/
Post by @did:plc:rafigxgywdhajnmdkrph5izr — Bluesky
https://bsky.app/profile/did:plc:rafigxgywdhajnmdkrph5izr/post/3lydffcyulc2n
An unexpected journey into Microsoft Defender's signature World — retooling_
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
https://www.bleepingcomputer.com/news/security/salesloft-march-github-repo-breach-led-to-salesforce-data-theft-attacks/
Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
https://www.zerosalarium.com/2025/09/Break-Protective-Shell-Windows-Defender-Folder-Redirect-Technique-Symlink.html
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html
GitHub - BlinkZer0/MCP-God-Mode: Did you ever just want it to do everything? 148 POWERFUL Infosec/Admin tools on a single MCP server.
https://github.com/BlinkZer0/MCP-God-Mode
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
https://thehackernews.com/2025/09/github-account-compromise-led-to.html
Lovesac confirms data breach after ransomware attack claims
https://www.bleepingcomputer.com/news/security/lovesac-confirms-data-breach-after-ransomware-attack-claims/
Protect against OAuth Attacks in Salesforce with Microsoft Defender | Microsoft Community Hub
https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/protect-against-oauth-attacks-in-salesforce-with-microsoft-defender/4450584
Mohamed Jasser Toubib 🇹🇳 on X: "It got triaged Thank you @Hacker0x01 https://t.co/G3vMKR88xF" / X
https://x.com/WonderU360/status/1957748910778433731
Signal adds secure cloud backups to save and restore chats
https://www.bleepingcomputer.com/news/security/signal-adds-secure-cloud-backups-to-save-and-restore-chats/
Inside the Kimsuky Leak: How the “Kim” Dump Exposed North Korea’s Credential Theft Playbook - DomainTools Investigations | DTI
https://dti.domaintools.com/inside-the-kimsuky-leak-how-the-kim-dump-exposed-north-koreas-credential-theft-playbook/
Sports streaming piracy service with 123M yearly visits shut down
https://www.bleepingcomputer.com/news/security/massive-calcio-sports-streaming-piracy-service-with-123m-yearly-visits-shut-down/