supply chainnpm registry attacked by secret-stealing worm
A new large-scale attack on a popular JavaScript code registry has hit around 150 packages. The automatic propagation of the threat makes it especially dangerous — developers need to react ASAP.
Latest
AIThe pros and cons of AI-powered browsers
A race between tech giants is unfolding before our very eyes. Who’ll be the first to transform the browser into an AI assistant app? As you test these new products, be sure to consider their enormous impact on security and privacy.
supply-chain attackPopular npm packages compromised
Unknown attackers have compromised several popular npm packages in a supply-chain attack.
privacyKeeping kids safe online: A practical guide for parents
The internet never forgets — and what kids post or share today can come back to hurt them, either right away or years down the line. Here’s how to shrink your child’s digital footprint without resorting to battles or bans.
Attacks on 5G networks: the arms race continues
How 5G smartphone connectivity can be compromised, and what it means for subscribers.
Three approaches to workplace “shadow AI” from the cybersecurity standpoint
Most employees are already using personal LLM subscriptions for work tasks. How do you balance staying competitive with preventing data leaks?
Taking the biscuit: why hackers like cookies so much
We explain how cyberattackers intercept cookies, the role of the session ID, and how to keep your cookies from going over to the dark side.
How to avoid becoming a money mule
This article explains what might happen if someone transfers you funds and then you withdraw the equivalent in cash from your account to give to them, or if you use your own card to pay for a purchase they make.
wordpressVulnerabilities in WordPress themes and plugins: how to protect your site
WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.
Gamers
Gamers beware: Trojans have invaded Steam
If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.
How scammers attack young gamers
Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.
Live hack: Apex Legends esports tournament scandal
Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.
Mario Forever, malware too: a free game with a miner and Trojans inside
Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.
Minecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
Business
Serious NX build compromise — what you need to know about the s1ngularity attack
A popular developer tool has been trojanized and is uploading secrets to public GitHub repositories. We discuss what’s important to know for both developers and cybersecurity services.
An APT… through your webcam
How attackers can hijack your computer through its webcam — and how to stop it.
Phishing scam targeting Ledger wallet owners
Attackers spin poignant tales of lost private keys as they try to phish seed phrases.
Practical exploitation of Retbleed on AMD CPUs
Google experts have demonstrated how complex hardware vulnerabilities in CPUs can be effectively exploited.
side-channel attackSleepwalk: a sophisticated way to steal encryption keys
Researchers have devised a theoretical attack to steal private encryption keys through monitoring standard CPU and OS behavior.
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Tips
Digital detox: How to take a safe break from screens
Planning a safe digital detox: a checklist to help prepare for a vacation and unwind in peace.
How to safely convert files
Online converters are a tempting but dangerous way to change file formats. We tell you how to convert files and not get trojanized.
New Year’s resolutions for a cybersecure 2025
Mistakes to learn from in 2024 – and resolutions for a safer 2025.
How safe is encrypted file storage?
Threats to data stored in Sync, pCloud, and other encrypted alternatives to Dropbox.