The U.S. Army in Europe, along with NATO allies, wants to pursue optionally manned common launchers and munitions to deter Russia on the Eastern flank. Here, Ukrainian air defense intercepts a Shahed drone midair in a Russia aerial attack on the capital on May 30, 2023. (Evgeniy Maloletka/AP) WIESBADEN, Germany — The U.S. Army and
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Another package eslint-plugin-prettier from the same maintainer was also targeted. The attacker(s) used
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. GreyNoise has confirmed its honeypots detected targeted exploitation from IP addresses located in China on June 23, 2025. “GreyNoise has
Co-op confirms data of 6.5 million members stolen in cyberattack
UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. Co-op (short for the Co-operative Group) is one of the United Kingdom’s largest consumer co-operatives, operating food stores, funeral services, insurance, and legal
Will special operators fly armed dune buggies into battles of the future?
Will special operators fly armed dune buggies into battles of the future? Meet the fan-powered, parachute-equipped vehicle designed to carry elite teams through the air into hot zones — the Skyrunner. 5 days ago
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. The security
UK launches vulnerability research program for external experts
UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve
Will Congress approve of the Pentagon’s budget?
Will Congress approve of the Pentagon’s budget? The Pentagon has submitted its 2026 budget – but at the end of the day, it’s just a request. How will Congress react? Our panel looks ahead. 11 days ago
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite
Hackers are exploiting critical RCE flaw in Wing FTP Server
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The observed attack ran multiple enumeration and reconnaissance commands followed by establishing persistence by creating new users. The exploited Wing FTP Server vulnerability is tracked as CVE-2025-47812 and received the