Airoha Bluetooth chipsets installed in dozens of audio devices from various manufacturers can be used for eavesdropping and theft of sensitive data.

Socket’s Threat Research Team discovered an active campaign involving dozens of malicious npm packages that collect and leak information from victims’ systems.

MathWorks, Inc., an American corporation specializing in mathematical computing software, was affected by a ransomware attack resulting in service interruptions.

Socket experts discovered in npm (node package manager) eight malicious packages that were downloaded from the repository more than 6,200 times over the last two years. All these packages could destroy data on users’ workstations.

Google developers announced a new feature in the Chrome browser enabling its built-in password manager to change compromised credentials automatically.

According to Cisco Talos, Chinese-speaking threat actors used a zero-day vulnerability in the Trimble Cityworks software to attack local governing bodies across the United States.

According to DomainTools Intelligence (DTI), more than 100 malicious Chrome browser extensions disguised as VPN services, AI assistants, crypto utilities, etc. are used to steal cookies and covertly execute remote scripts.

A new tool called Defendnot can disable Microsoft Defender protection on Windows devices even if no real antiviruses are installed in the system.

A malicious package discovered in npm (node package manager) hides its code using invisible Unicode characters and uses Google Calendar links for communication with its C&C servers.

Coinbase, Inc., a cryptocurrency exchange with over 100 million users, announced that some rogue customer support agents sold customer data to cybercriminals. The extortionists demanded a 20 million USD ransom for nondisclosure of the stolen information.

Google introduces a new security feature to Chrome. The new protection system uses the on-device Gemini Nano large language model (LLM) to detect and block scams while users are browsing the web.

Hackers exploit a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin to create new admin accounts on vulnerable sites.

Socket’s Threat Research Team discovered seven malicious Python packages that use Gmail SMTP servers and WebSockets for data exfiltration and remote command execution.