Fake Paysafe, Skrill npm Packages Steal Developer Data
Developers building payment integrations just became the target of a coordinated supply chain attack. Security researchers uncovered fake Paysafe and Skrill npm packages designed to look like legitimate SDKs, but built instead to steal credentials from anyone who installed them. The campaign also spread through PyPI, Python's package repository, hitting developers across two of the most widely used software ecosystems

KDDI Data Breach Exposes Email Data of 12 Million People
A single vulnerability in shared email infrastructure has triggered one of Japan's largest data breaches in recent memory. KDDI, the country's second-largest mobile carrier, confirmed that a security incident tied to its email platform has exposed personal information belonging to more than 12 million people. The KDDI data breach also touches customers of five smaller internet service providers that rely

LONGLEASH Malware Expands Chinese Hacker Router Network
A Chinese state-linked hacking group has developed a new piece of malware that turns ordinary routers into hidden relay points for cyberattacks. Researchers at Cisco Talos have traced this activity to a group tracked as UAT-7810, and the tool at the center of it is called LONGLEASH. The LONGLEASH malware is not just another backdoor. It's built to expand what

JadePuffer Ransomware: The First Fully AI-Run Cyberattack
A ransomware attack usually needs a human behind the keyboard, at least at the critical moments. That assumption just broke. Security researchers at Sysdig have documented what appears to be the first ransomware operation carried out from start to finish by an autonomous AI agent, and they've named it JadePuffer ransomware. No operator typed commands during the intrusion. An AI

Microsoft 365 Password Spraying Attack Hits 78 Accounts
A large-scale password spraying attack has hit Microsoft 365 accounts across dozens of organizations, generating more than 81 million login attempts in just two weeks. Security researchers at Huntress tracked the campaign between June 12 and June 26, and confirmed that attackers successfully compromised 78 accounts spanning 64 organizations. What makes this campaign stand out isn't just its scale. The

ChocoPoC Malware Hides in Fake GitHub Security Exploits
Security researchers have uncovered a malware campaign that turns the tools of the trade against the people who use them. A newly identified threat called ChocoPoC malware is spreading through fake proof-of-concept exploits on GitHub, targeting the very researchers and penetration testers who download these files to study vulnerabilities. The campaign flips a familiar trust relationship on its head, using

ShinyHunters Disputes NAIC Data Breach Claims After Leak
A major insurance regulator just found itself at odds with the hacking group that broke into its systems. The NAIC data breach, first detected on June 11, has turned into a public dispute over exactly what was stolen and how serious the damage really is. The National Association of Insurance Commissioners, which oversees insurance regulation across all 50 states, confirmed

KDDI Data Breach Exposes Email Logins for 14 Million Customers
One of Japan's largest telecom providers has confirmed a serious security incident. A KDDI data breach has exposed the email credentials of up to 14.22 million customers — not just from KDDI itself, but from five additional internet service providers that shared the same compromised email infrastructure. The breach raises urgent questions about how shared systems across telecoms can turn

LastPass Confirms Data Breach in Supply Chain Attack
Password manager giant LastPass has confirmed a data breach affecting customer information stored in its Salesforce environment. The incident traces back to a supply chain attack on Klue, a third-party market intelligence platform, which gave hackers access to authentication tokens that connected into LastPass's CRM systems. Importantly, the breach did not touch user vaults or LastPass's core infrastructure. How the

WhatsApp Phishing Attack Spreads Via Fake Docs
A WhatsApp phishing attack is currently spreading across at least 11 countries, and it is more convincing than most. The messages arrive from people you know. The attachments look like invoices, financial reports, or account notices. And if you open one on a Windows PC, attackers can quietly take full control of your machine. Cybersecurity researchers have identified an active
