The maintainers of the Python Package Index (PyPI) have issued a warning about a widespread phishing campaign targeting Python developers. Attackers are impersonating PyPI in an effort to steal login credentials by redirecting users to malicious lookalike websites. How the Attack Works Developers are receiving phishing emails with the subject
The women-focused platform Tea has suffered two serious data breaches—first, an unsecured Firebase database containing users’ personal data was posted to 4chan, followed days later by a second leak exposing over 1.1 million private messages exchanged on the app. What Is Tea? Tea bills itself as a private,
In recent weeks, several open-source developers have fallen victim to phishing attacks, leading to malware being injected into widely used npm packages—some of which receive over 30 million downloads per week. Toptal Incident: Internal Tools Turned Attack Vectors On July 20, 2025, cybersecurity firm Socket reported the compromise of
Gaming hardware manufacturer Endgame Gear has confirmed that malware was embedded in the official configuration tool for its OP1w 4k v2 mouse, which was hosted on the company’s website between June 26 and July 9, 2025. Discovery and Initial Reports The first signs of trouble emerged on Reddit, where
Microsoft Discloses ‘Sploitlight’ Vulnerability Affecting macOS Microsoft has disclosed details of a now-patched vulnerability in macOS that could have allowed attackers to bypass Apple’s Transparency, Consent, and Control (TCC) protections and steal sensitive user data—including cached Apple Intelligence content. TCC is the security framework in macOS responsible for
More than 200,000 WordPress websites are running a vulnerable version of the Post SMTP plugin, exposing them to the risk of administrator account takeovers. Post SMTP is a widely used email delivery plugin, with over 400,000 active installations. Promoted as a more reliable alternative to WordPress’s default
A critical remote code execution (RCE) vulnerability has been discovered in LG surveillance cameras—but no fix is coming. The flaw, which allows attackers to gain administrative control, affects thousands of devices worldwide and is being actively highlighted by security experts and government agencies. CISA Issues Warning Last week, the
A critical Windows vulnerability affecting dozens of Microsoft products has been patched with help from Positive Technologies’ research team. The flaw—tracked as CVE-2025-47955 and rated 7.8 on the CVSS scale—was discovered by Sergey Bliznyuk, a specialist with the PT SWARM vulnerability research unit. Vulnerability Overview CVE-2025-47955 impacted
Kristopher Dallmann, the founder of the pirate streaming platform Jetflicks, has been sentenced to seven years in federal prison. Despite maintaining his innocence, Dallmann faced charges ranging from conspiracy and copyright infringement to money laundering. Jetflicks: A 12-Year Piracy Operation Jetflicks operated from 2007 until its shutdown by the FBI
Researchers at Kaspersky Lab have uncovered a new threat actor—FunkSec—believed to be among the first to deploy large-scale, AI-assisted ransomware operations. Active since late 2024, FunkSec is notable for its aggressive tactics, high automation, and use of generative AI to develop its malware. Distinct Characteristics FunkSec’s operations
Ring users are raising alarms after receiving unauthorized login alerts, all dated May 28, 2025. Despite growing concerns, Amazon-owned Ring insists the issue stems from a backend bug—not a breach. Over the past week, numerous users reported receiving notifications that their accounts had been accessed from unfamiliar devices across
Analysts from AquaSec have identified a novel strain of Linux malware named Koske, which conceals its payload inside JPEG images of pandas. Believed to be developed using artificial intelligence (AI), Koske is designed to infiltrate Linux systems by embedding malicious code directly into memory via deceptive image files. Adaptive Behavior