News

Pen Test Partners

Discord as a C2 and the cached evidence left behind

TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

Among the compromised npm packages are those from cybersecurity experts CrowdStrike, as well as others with millions of ...

AIOZ Network Launches AIOZ Stream, a Peer‑to‑Peer Protocol for Creator‑Owned, On‑Chain Streaming

Grand Anse, Mahe Island - September 17, 2025 - AIOZ Network today announced the launch of AIOZ Stream, a decentralized ...

Over 300 npm packages compromised by self-replicating worm0 0

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...

Visium Technologies Expands TruContext(TM) with Tru-InSight(TM) - Transforming Existing Camera Networks into Proactive Video Intelligence

New Module Converts Passive Security Footage into an Active Intelligence Layer for Preemptive Threat Detection and Rapid Investigation FAIRFAX, VIRGINIA / ACCESS Newswire / September 16, 2025 /Visium ...
ADTmag

Qwiet AI Expands Integrations, Adds AutoFix Features to Application Security Platform

Application security provider Qwiet AI has expanded its integrations with Microsoft Azure and GitHub and introduced new AI-powered AutoFix capabilities aimed at speeding secure software delivery.
Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
SDxCentral

Cloudflare and CrowdStrike zero in on zero trust

Cloudflare, meanwhile, launched zero trust updates last month to combat the threat of shadow AI. According to Gartner, ...

New NPM attack: Self-replicating malware infects dozens of packages

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
SecurityWeek

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.

DePIN protocol AIOZ launches creator-driven streaming ecosystem

Decentralized P2P streaming protocol delivers onchain ownership and token-native monetization, debuting with VOD support and ...