October 30, 2025

Docker Compose vulnerability opens door to host-level writes – patch pronto

Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.…

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…

Cyberpunks mess with Canada’s water, energy, and farm systems

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…

Postcode Lottery’s lucky dip turns into data slip as players draw each other’s info

Biz says 'technical error' caused short-lived leak affecting small number of users A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.…

France jacks into the Matrix for state messaging – and pays too

Governments eye comms alternatives as sovereignty worries mount Comment  Decentralized communications network Matrix is hoping to be the beneficiary as European public and private sector organizations ponder alternatives to the messaging status quo.…

Copyright © 2026 Lugapel