Bitwarden CLI npm package compromised to steal developer credentials
Bitwarden CLI npm package compromised, exposing developer secrets; users must rotate credentials.
Apple’s iOS 26.4.2 update removes a notification‑preview flaw that let the FBI retrieve deleted Signal messages, and users can install it via Settings without any extra steps.
A new Kyber ransomware operation targets Windows and VMware ESXi endpoints with post-quantum encryption, deploying two distinct variants to maximize impact.
Former ransomware negotiator Angelo Martino pleaded guilty to conspiring with BlackCat hackers to extort companies his firm was hired to protect, resulting in over $75 million in ransom payments.
OX Security uncovered a remote code execution flaw in Anthropic's Model Context Protocol SDKs, affecting up to 200,000 AI servers, while Anthropic declined to patch the issue.
Anthropic is probing a breach where a third‑party portal let a Discord group access its Claude Mythos AI security model, raising concerns about AI‑driven cyber‑risk and supply‑chain designations.
Over 1,300 unpatched Microsoft SharePoint servers exposed online remain vulnerable to a spoofing attack that was exploited as a zero-day.
Most Pi-hole setups only block ads locally but leave DNS traffic visible to ISPs. Learn how to add encryption with a self-hosted dnscrypt-proxy solution.
Mozilla says it used Anthropic’s Mythos Preview to find and fix 271 vulnerabilities in Firefox 150, highlighting how AI-driven bug hunting could force a security overhaul across all software.
OpenKeychain lets Android users encrypt and decrypt files for free using OpenPGP, with QR‑code key exchange and support for Google Drive storage.
KelpDAO lost about $290 million after Lazarus hackers exploited LayerZero’s verification layer, stealing 116,500 rsETH tokens and prompting a freeze on Aave’s rsETH collateral.
Vercel confirms internal breach involving environment variables; hacking group claims $2M data sale. Experts urge immediate review of config settings.
Apple's iOS 26.4.1, released on April 8, automatically turns on Stolen Device Protection for eligible iPhones while delivering bug fixes, though no CVE details are disclosed.
NAKIVO v11.2 enhances ransomware defense with automated replication and support for latest virtualization platforms, ensuring faster recovery and security.
Brazilian cybersecurity expert narrowly avoids phishing attack using counterfeit Ledger Nano S+ wallet, exposing vulnerabilities in crypto hardware security.