AI Code Tools Widely Hallucinate Packages

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. “Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack,” Positive Technologies…

The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. “Initial access is achieved through spear-phishing emails,” CYFIRMA said. “Linux BOSS environments are targeted via weaponized .desktop

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.

At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence.  As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. Manual patching, limited firmware support, and rising costs made it harder to defend against evolving…

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

A whole criminal ecosystem revolves around scamming users out of their crypto assets, but malicious — or vulnerable — smart contracts could be used against businesses as well.