Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked.
Computer Weekly

Spanish police ‘systematically’ hid cryptophone intercepts from courts, claims ex chief

A former police chief who faces drug trafficking charges has claimed that Spanish drug investigators fabricated fictitious intelligence reports to hide their use of intercepted phone messages from the ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
9to5Mac

iOS 26.5: These carriers offer RCS end-to-end encrypted messaging

iOS 26.5 is here, and one of its tentpole features is RCS end-to-end encrypted messaging. Here’s the list of carriers that currently support the new RCS feature. Here are the carriers that support end ...
MacRumors

iPhone-Android RCS Conversations Are End-to-End Encrypted in iOS 26.5

End-to-end encryption (E2EE) for RCS messages between iPhone and Android devices is officially available, Apple confirmed today. Support is included in iOS 26.5, which is now available to everyone.
Wired

Update Your iPhone Now for Better Encrypted Messaging With Android

As part of the iOS 26.5 update, Apple’s Messages app can now encrypt texts between some iPhone and Android smartphones. Texts between Apple devices in the Messages app, aka iMessages, have been ...
Cult of Mac

These US carriers now support encrypted RCS messaging

Apple’s newly released iOS 26.5 update supports end-to-end encryption for RCS messaging between iPhones and Android devices. However, the feature requires the cooperation of wireless carriers.