InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
Ecommerce Fastlane

What Is an Iframe? Pros, Cons, and How To Embed Them

Visitors to your website might want directions to your store via Google Maps, a roundup of your social media feeds, and a ...
PC Magazine

The Shady Emails Keep Coming. It's Time to Fight Back Against Spear Phishing

Targeted email scams are getting bolder and more convincing. Here's how they work, and the smartest ways to defend yourself. I review privacy tools like hardware security keys, password managers, ...
SDxCentral

OpenAI API breached after old fashioned phishing campaign exposes user details

AI giant OpenAI has revealed its API metadata was exposed in a security breach. A phishing incident at third-party data analytics provider Mixpanel compromised user details, including names, email ...
Bleeping Computer

OpenAI discloses API customer data breach via Mixpanel vendor hack

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. Mixpanel offers event analytics that ...
Search Engine Land

Google Ads MCC takeover attacks are rising – here’s how the phishing scams work

The phishing attacks have left agencies and advertisers scrambling as entire client accounts and budgets fall out of their control. A surge of sophisticated phishing attacks is letting scammers take ...
HUB

Johns Hopkins IT warns of rise in phishing attempts, including phone call scams

Members of the Johns Hopkins community are encouraged to stay vigilant in light of a significant rise in the volume and sophistication of phishing messages targeting Johns Hopkins, as well as recent ...
CBS News

Google lawsuit accuses China-based cybercriminals of massive text-message phishing scams

Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an ...
The Hill

Google sues cybercriminals behind E-ZPass, US Postal Service text scams

Google sued a group of cybercriminals on Wednesday who it alleges are responsible for illegal phishing scams that use company branding to target account holders. The lawsuit filed with the Southern ...
CSOonline

Phishing training needs a new hook — here’s how to rethink your approach

Phishing training exercises are a staple of enterprise security strategy, but research shows current approaches aren’t all that effective. Phishing is a tried-and-true attack vector. These attacks ...
Ars Technica

Microsoft warns of new “Payroll Pirate” scam stealing employees’ direct deposits

Microsoft is warning of an active scam that diverts employees’ paycheck payments to attacker-controlled accounts after first taking over their profiles on Workday or other cloud-based HR services.
Dark Reading

Phishing Is Moving From Email to Mobile. Is Your Security?

Email security has long dominated the enterprise security conversation — and rightfully so. It remains a key vector for phishing, credential theft, and social engineering. But in 2025, the threat ...