
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment

Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment

NHS Forth Valley disclosed a breach after a staff member emailed maternity patient data, including NHS numbers and pregnancy records,

Threat actor ‘888’ listed 35 GB of Accenture source code, RSA keys, SSH keys, and Azure access tokens for sale

India’s IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees’ credentials through 33-plus unauthenticated API endpoints.

Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font

Hijacked npm and Go packages exploit VS Code’s MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform

Thalha Jubair and Owen Flowers pled guilty to the 2024 Scattered Spider hack of Transport for London, causing GBP 29M

Four critical Dify vulnerabilities named DifyTap allow cross-tenant access to private AI chats, uploaded files, and internal APIs. Patched in

ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity

iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.