‘Jingle Thief’ Highlights Retail Cyber Threats

This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information.

Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations…

Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of…

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots. Kaspersky…