Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
DataBreachToday

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage ...

This popular app builder has been hijacked to steal Microsoft account details - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.

Innovative AS400 Modernization with AS/Forward Platform

Golden Path Digital, a frontrunner in enterprise modernization solutions, has today unveiled AS/Forward, a sophisticated ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
TidBITS

DarkSword Exploit Threatens iPhones Still Running iOS 18

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...

Ex-VP blasts TD Securities’ diversity practices in $6-million wrongful dismissal lawsuit

Violeta Nusinoff alleges TD Securities did not have cause to fire her from her role as VP of mergers and acquisitions ...