Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage ...
DataBreachToday

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Innovative AS400 Modernization with AS/Forward Platform

Golden Path Digital, a frontrunner in enterprise modernization solutions, has today unveiled AS/Forward, a sophisticated ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...

This popular app builder has been hijacked to steal Microsoft account details - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.
eWeek

Put Mac Tasks on Autopilot with Claude

Hillman highlights Teradata’s interoperability with AWS, Python-in-SQL, minimal data movement, open table formats, feature stores, and “bring your own […] In this episode of eSpeaks, host Corey Noles ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...
CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.
TidBITS

DarkSword Exploit Threatens iPhones Still Running iOS 18

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...