AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

How data is building a smarter, safer, more predictable Seattle

Today, we’re entering an era in which data is now the next major competitive differentiator across every industry in the ...
Security Boulevard

What Is an Exposure Assessment Platform — And Why Your Website Is the Blind Spot

In November 2025, Gartner formalized a new security category — Exposure Assessment Platforms — evaluating 20 vendors on their ...

The U.S. dollar’s quiet decline: What investors should do now

Qatar has halted all LNG exports. U.S. gasoline prices jumped from roughly US$3 a gallon to US$3.45 in a single week, with a ...

Iran has not asked for ceasefire and sees no reason for talks with US, Iranian minister says

Donald Trump had said Tehran wanted a deal but he felt the terms were "not good enough". Meanwhile, Iran continues to strike ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Belgian diplomat faces trial over 1961 Congo leader killing

Etienne Davignon, the only surviving suspect, is ordered to stand trial over war crimes tied to Patrice Lumumba's killing six decades ago. The case represents a historic moment in confronting ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
InfoQ

AWS Launches Managed Openclaw on Lightsail amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub project is affected by CVE-2026-25253, which enables one-click RCE, with 17,500+ ...

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.