The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.
BeInCrypto

Binance Raises Critical Security Alarm for iPhone Users

Binance issued an urgent security alert warning cryptocurrency investors about a critical, zero-click vulnerability in Apple's iOS.
Axios on MSN

Spyware once used by governments is now spreading to cybercriminals

Cybercriminal groups are now using spyware tools once utilized mainly by spies and law enforcement to hack into iPhones, new ...

Iran threatens world tourist sites as more Marines deploy: Live updates

A U.S. defense official said that thousands more Marines are being deployed to the Middle East on an accelerated timeline.
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...