Aggregator

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

The Hackers News
9 months 1 week ago
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
The Hacker News

CVE-2007-3191 | JFFNMS Just For Fun Network Management System 0.8.3 admin/adm/test.php phpinfo cross site scripting (EDB-30173 / Nessus ID 26035)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in JFFNMS Just For Fun Network Management System 0.8.3. It has been declared as problematic. This vulnerability affects the function phpinfo of the file admin/adm/test.php. The manipulation results in basic cross site scripting. This vulnerability is known as CVE-2007-3191. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

OT security needs continuous operations, not one-time fixes

Help Net Security
9 months 1 week ago

Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the past 18 months. These attacks disrupted essential services, damaged reputations, and created regulatory and financial consequences. The study highlights the limits of current OT security approaches. While many vendors build products using Secure by Design … More →

The post OT security needs continuous operations, not one-time fixes appeared first on Help Net Security.

Anamarija Pogorelec

Cybersecurity jobs available right now: September 16, 2025

Help Net Security
9 months 1 week ago

CISO Haier Europe | Italy | On-site – View job details As a CISO, you will develop an information security strategy aligned with organizational priorities, secure executive support, and oversee the protection of data, intellectual property, and technology assets. You will establish and enforce security policies, procedures, and protocols, and identify and mitigate risks to ensure resilience against emerging threats. CSIRT Analyst Advens | Germany | Remote – View job details As a CSIRT Analyst, … More →

The post Cybersecurity jobs available right now: September 16, 2025 appeared first on Help Net Security.

Anamarija Pogorelec

Vietnam Probes Breach of Credit Agency Run by Central Bank

DataBreachToday.com
9 months 1 week ago
Cybercrime Group ShinyHunters Advertises 160 Million Stolen Records
Vietnam's central bank is probing a hack attack that breached its credit reporting division, exposing personally identifiable information. The cybercrime group ShinyHunters claimed credit for the breach, advertising on a cybercrime forum 160 million stolen records for $175,000.

YesWeHack Bug Bounty Boosts Security Collaboration

DataBreachToday.com
9 months 1 week ago
Live Hacking Event Offers New Insights Over Traditional Testing
In today's threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can't always match.

HHS Offers $50B in Rural Health Grants Including IT, Cyber

DataBreachToday.com
9 months 1 week ago
Will Funding Offset Bigger Cuts Planned for Rural Health Under Big Beautiful Bill?
The Department of Health and Human Services has rolled out a $50 billion grant program to "transform" rural healthcare. The program - authorized under the "Big Beautiful Bill" - includes investment opportunities related to IT and cybersecurity. But is it nearly enough?

Managed ad