The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Scanning 5M apps uncovered 42K exposed secrets in JavaScript bundles, revealing major gaps in traditional SAST, DAST, and ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
Ecommerce Fastlane

What Is an Iframe? Pros, Cons, and How To Embed Them

Visitors to your website might want directions to your store via Google Maps, a roundup of your social media feeds, and a ...
PC Magazine

The Shady Emails Keep Coming. It's Time to Fight Back Against Spear Phishing

Targeted email scams are getting bolder and more convincing. Here's how they work, and the smartest ways to defend yourself. I review privacy tools like hardware security keys, password managers, ...
SDxCentral

OpenAI API breached after old fashioned phishing campaign exposes user details

AI giant OpenAI has revealed its API metadata was exposed in a security breach. A phishing incident at third-party data analytics provider Mixpanel compromised user details, including names, email ...
Bleeping Computer

OpenAI discloses API customer data breach via Mixpanel vendor hack

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. Mixpanel offers event analytics that ...
Search Engine Land

Google Ads MCC takeover attacks are rising – here’s how the phishing scams work

The phishing attacks have left agencies and advertisers scrambling as entire client accounts and budgets fall out of their control. A surge of sophisticated phishing attacks is letting scammers take ...
CBS News

Google lawsuit accuses China-based cybercriminals of massive text-message phishing scams

Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an ...
The Hill

Google sues cybercriminals behind E-ZPass, US Postal Service text scams

Google sued a group of cybercriminals on Wednesday who it alleges are responsible for illegal phishing scams that use company branding to target account holders. The lawsuit filed with the Southern ...
Dark Reading

Phishing Tool Uses Smart Redirects to Bypass Detection

A new phishing tool targeting Microsoft 365 users has entered the chat, further democratizing social engineering campaigns for lower-skilled cybercriminals. The tool, called Quantum Route Redirect, ...
ZDNet

Your phishing detection skills are no match for 2025's biggest security threats

Clickfix attacks surged 500% in early 2025. Cybercriminals now use AI in BEC scams. AI is making phishing harder to detect. Cybercriminals are shifting their techniques to focus on the human element, ...
CSOonline

Phishing training needs a new hook — here’s how to rethink your approach

Phishing training exercises are a staple of enterprise security strategy, but research shows current approaches aren’t all that effective. Phishing is a tried-and-true attack vector. These attacks ...