Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

Luminar Media Group Files to Change Corporate Name to Fortun Corp. and Trading Symbol to FRTU

Corporate Rebranding Aligns Public Company Identity With the Fortun Brand MIAMI, FLORIDA / ACCESS Newswire / March 9, ...

DOJ releases Epstein files records with allegations against Trump

The release came after news reports about the documents being withheld. The Department of Justice said the documents had been ...
InfoWorld

Reactive state management with JavaScript Signals

The Signals pattern was first introduced in JavaScript’s Knockout framework. The basic idea is that a value alerts the rest of the application when it changes. Instead of a component checking its data ...

Verifying details from Epstein files and AI images spreading in Nancy Guthrie kidnapping

We're analysing videos from state celebrations in Iran where people are heard shouting 'death to the dictator' The team is ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

The battle-hardened fighters ready to put boots on ground in Iran

The spotlight is once again on the Kurds in the Middle East.
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Library and Archives planning deep cuts to access to information team, document shows

The archives, or LAC, is the central storing house for historical records from across the federal government and is widely ...