Data & infrastructure
-
Microsoft exposes npm dependency campaign
Microsoft has identified 33 malicious npm packages abusing dependency confusion. The campaign profiled developer environments and targeted the weak boundary between internal code and public package registries.
-
GlobalProtect flaw is under attack
Palo Alto Networks has updated its GlobalProtect vulnerability advisory again. The affected PAN-OS issue can allow unauthorised VPN connections in specific configurations and is now marked as attacked.
-
Google binds sessions to devices
Google has made device-bound session credentials generally available for Workspace. The Chrome security change addresses session-cookie theft, one route attackers use to work around multi-factor authentication.
-
Dutch police disrupt vast botnet
Dutch police have disrupted botnet infrastructure controlling millions of devices. The operation exposed how compromised consumer and edge systems can become criminal infrastructure at European scale.