A malicious package discovered in npm (node package manager) hides its code using invisible Unicode characters and uses Google Calendar links for communication with its C&C servers.

Coinbase, Inc., a cryptocurrency exchange with over 100 million users, announced that some rogue customer support agents sold customer data to cybercriminals. The extortionists demanded a 20 million USD ransom for nondisclosure of the stolen information.

Google introduces a new security feature to Chrome. The new protection system uses the on-device Gemini Nano large language model (LLM) to detect and block scams while users are browsing the web.

Hackers exploit a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin to create new admin accounts on vulnerable sites.

Socket’s Threat Research Team discovered seven malicious Python packages that use Gmail SMTP servers and WebSockets for data exfiltration and remote command execution.

Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised.

The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year’s attack that had compromised multiple US telecommunications companies.