UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Hackers exploited a compromised npm package to breach cloud systems and gain full AWS administrator access within 72 hours.

One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive information.

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

"Follow the money," as the journalists and financial investigators say.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...

Authorities dismantle Tycoon 2FA phishing service linked to 64,000 attacks, millions of emails, and breaches at nearly ...

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s security. This finding highlights the core risks of ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Conversations with Anthropic's models may now be accompanied by interactive apps Seeing is believing, or so it was said up until AI required questioning everything. But even when braced to resist the ...

NxGen Brands, Inc. (OTC: NXGB) (“NXGB” or the “Company”), a consumer-focused brand development and innovation company, today announced the official launch of ...