New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Indiatimes

Is Apple tap-to-pay safe? $10,000 stolen without unlocking iPhone

A new video shows a serious Apple Tap-to-pay vulnerability where $10,000 was taken from a locked iPhone using NFC tricks.
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on ...
TechLila

macOS Malware Statistics 2026: Hidden Threats

OS Malware Statistics reveal rising threats, key trends, and risks. Discover critical insights to protect your devices today.