Red Dog Security

The Shai-Hulud worm has expanded beyond the npm ecosystem and has been detected in Maven. Specialists at Socket discovered an infected package in Maven Central that contains the same malicious components used in the second wave of Shai-Hulud attacks. Maven Infection Details Experts identified the package org.mvnpm:posthog-node:4.

OpenAI reported a compromise of the third-party analytics service Mixpanel, which was used to track user actions in the frontend part of the product running on the OpenAI API. The attack led to a data leak affecting a portion of customers. Per an official statement from OpenAI, the incident only

Researchers at Morphisec discovered a malicious campaign in which attackers are distributing the StealC V2 infostealer through infected files for the Blender 3D editor, uploading the malware to marketplaces like CGTrader. Blender's Vulnerability Surface Blender is a popular open-source project for creating 3D graphics. The software supports execution

BI.ZONE experts analyzed over 3,500 listings on shadow marketplaces offering services for gathering information about people—so-called "пробив" or data lookups. Every fifth offer (21%) promises a complete dossier on a specific individual. Price Segments and Services Per the researchers, prices for these lookups range from

Asus released firmware updates to fix nine vulnerabilities, including a critical authentication bypass issue in routers with the AiCloud feature enabled. AiCloud is a cloud-based remote access feature built into many Asus routers that transforms them into private cloud servers. The feature allows users to access files stored on USB

FortiGuard Labs researchers discovered a new Mirai-based botnet named ShadowV2 that exploits at least eight vulnerabilities in IoT devices from D-Link, TP-Link, and other manufacturers. The malware first appeared during a major AWS outage in October 2024 and operated only for the duration of that incident, suggesting the attackers were