Not a Kids Game: From Roblox Mod to Compromising Your Company

Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can ...
Bleeping Computer

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...
CSOonline

Leaked Home Depot credential exposed internal systems for a year

Home Depot exposed access to internal systems for a year, TechCrunch reports. According to security researcher Ben Zimmermann, a Home Depot employee published a private GitHub access token sometime in ...
TechCrunch

Home Depot exposed access to internal systems for a year, says researcher

A security researcher said Home Depot exposed access to its internal systems for a year after one of its employees published a private access token online, likely by mistake. The researcher found the ...
Hackaday

This Week In Security: Hornet, Gogs, And Blinkenlights

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at ...
GitHub

jorben/github-access-token

我个人部署了服务,地址为:cors-server-ecru.vercel.app 。 如果不想折腾,只需把配置下的 proxy 改为 https://cors-server-ecru.vercel.app ...
CSOonline

ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

The new ToddyCat tooling shifts the group’s focus from browser theft to extracting Outlook mail archives and Microsoft 365 access tokens. Attackers behind the ToddyCat advanced persistent threat (APT) ...
The Hacker News

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. "The campaign introduces a new ...
U.S. News & World Report

Coinbase Launches New Platform for Early Access to Digital Tokens

(Reuters) -Coinbase Global said it will launch a new platform that will allow individual investors buy digital tokens before they are listed on the cryptocurrency exchange, sending its shares up 4% in ...
The Hacker News

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, ...
winbuzzer.com

GitHub’s New Agent HQ Unites OpenAI, Anthropic, and Google Under One Roof

At its GitHub Universe 2025 event on October 28, GitHub launched Agent HQ. This new platform aims to solve the problem of using too many separate AI coding tools. Agent HQ turns GitHub into an open ...