27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to...
Source: This article was originally published on The Hacker News
Read full article on source →Related Articles
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable...
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The...
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the...
Goodbye Plugins: MCP Is Becoming the Universal Interface for AI
Three months ago, I spent two weeks building a custom plugin to connect our AI assistant to our internal CRM system. Last week, I replaced it with a Model Context Protocol (MCP) server that took four...
Hacker claims to leak WIRED database with 2.3 million records
A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million...
Martin Fowler on Preparing for AI’s Nondeterministic Computing
Martin Fowler, Thoughtworks chief scientist and long-time expert on object-oriented programming, views AI as the biggest shift in programming he has seen in his entire career. In an interview on the...