CSO Online

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...

A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'

A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub ...
Cryptopolitan on MSN

DeFi protocol Morpho shuts down Discord amid rampant scams on public channels

The Morpho decentralized lending protocol has announced its Discord channel will change to a “read-only” mode, joining ...
Techzine Europe

CodeBreach enables takeover of AWS GitHub repositories

Wiz discovered a critical vulnerability in AWS CodeBuild that allowed attackers to access core AWS repositories, including ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...