Bleeping Computer

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access

Two unpatched Windows exploit PoCs target BitLocker protections and privilege controls after Microsoft’s May Patch Tuesday ...
TweakTown

Security researcher finds zero-day exploit that defeats Windows 11 BitLocker, calls it an insane 'backdoor' discovery

Users who rely solely on TPM-based BitLocker are most at risk, while those with a PIN or USB security key at boot are ...

Windows 11 receives BitLocker fix while Windows 10 users await update

Microsoft has patched a BitLocker recovery bug, but the fix is exclusive to Windows 11 version 25H2, leaving Windows 10 users ...
The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

6 ways I use Fedora 44 beyond the basics - and why it's ready for anything

6 ways I use Fedora 44 beyond the basics - and why it's ready for anything ...
The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...

Artemis III: Nasa plans complex Earth orbit trial for Moon missions

According to Nasa, Artemis III is intended to reduce technical and operational risks before Artemis IV, which is expected to ...