Cyber News & Articles

Cyber News & Articles

Self-Replicating Worm Hits 180+ Software Packages 

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

read more
Cyber News & Articles

The AI Fix #68: AI telepathy, and rights for robots 

In episode 68 of The AI Fix, our hosts open the show by launching the thing nobody asked for but everybody wanted: our shiny new merch store – yes, including the “Would YOU trust a pigeon???” t-shirt for when you need fashion alongside health and safety.

Meanwhile, AI hoaxers send Manila firefighters racing to an imaginary blaze, Albania appoints an AI as a minister, and the godfather of AI gets dumped… by ChatGPT.

Plus Mark shows off his ventriloquism skills, while Graham describes a near-telepathic wearable that lets you “talk” without moving your lips, and we look into how humanity and AI has joined forces to fight for AI rights.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

read more
Cyber News & Articles

New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site 

Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.
“The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad

read more
Cyber News & Articles

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack 

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.
“Apple is aware of a report that this issue may have been exploited in an

read more
Cyber News & Articles

Securing the Agentic Era: Introducing Astrix’s AI Agent Control Plane 

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. 
Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system

read more
Cyber News & Articles

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds 

A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix.
The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack.
“We have proven that

read more
Cyber News & Articles

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials 

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.
“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling

read more
Cyber News & Articles

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs 

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.
“The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week.
The tech giant’s

read more
Cyber News & Articles

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now 

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. 
What is a browser-based attack?
First, it’s important to establish what a browser-based attack is.
In most scenarios, attackers don’t think of themselves as attacking your web browser.

read more

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X