2025

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…

FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk

Months after China-linked spies burrowed into US networks, regulator tears up its own response The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's…

CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse

Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may…

ShinyHunters ‘does not like Salesforce at all,’ claims the crew accessed Gainsight 3 months ago

Shiny talks to The Reg EXCLUSIVE  ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.…

Four charged over alleged plot to smuggle Nvidia AI chips into China

Prosecutors say front companies, falsified paperwork, and overseas drop points used to dodge US export rules Four people have been charged in the US with plotting to funnel restricted Nvidia AI chips into China, allegedly relying on shell firms, fake invoices, and covert routing to slip cutting-edge GPUs…

Russia-linked crooks bought a bank for Christmas to launder cyber loot

UK cops trace street-level crime to sanctions-busting networks tied to Moscow's war economy On Christmas Day 2024, a Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank, later used to wash cybercrime profits and funnel money into Moscow's war machine, according…

ZTE Launches ZXCSec MAF security solution for large model

A multi-layered security framework protecting large-model applications from adversarial threats, data leakage, API abuse, and content risks Partner Content  At MWC Shanghai 2025, ZTE has officially launched its ZXCSec MAF product, a dedicated application-layer security protection device specifically designed for large model services.…

Google links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help

Relies on very loose permissions, but don’t worry – Google wrote it in Rust Google has linked Android’s wireless peer-to-peer file sharing tool Quick Share to Apple’s equivalent AirDrop.…

SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere

Company 'clearly delighted' with the outcome The US Securities and Exchange Commission (SEC) has abandoned the lawsuit it pursued against SolarWinds and its chief infosec officer for misleading investors about security practices that led to the 2020 SUNBURST attack.…

Fired techie admits sabotaging ex-employer, causing $862K in damage

PowerShell script locked thousands of workers out of their accounts An Ohio IT contractor has pleaded guilty to breaking into his former employer's systems and causing nearly $1 million worth of damage after being fired.…

Copyright © 2026 Lugapel