The Hacker News reports that nearly 100,000 GitHub users had their NPM usernames and passwords, as well as email addresses, compromised after GitHub's integration OAuth tokens were stolen last month.
BleepingComputer reports that Windows Subsystem for Linux has been increasingly leveraged by threat actors as an attack surface for new malware development.
Android devices could be compromised with a persistent backdoor if four high-severity security flaws in the mobile framework of pre-installed Android System apps are exploited, according to SecurityWeek.
Mobile trojan detections increased significantly in the first quarter of 2022 even though mobile malware volumes have dwindled since 2020, suggesting an increasing push toward more advanced threat campaigns, BleepingComputer reports.
The Keksec threat group, also known as Kek Security, FreakOut, and Necro, has added new security vulnerabilities to its Enemybot Linux-based botnet to attack web servers, content management systems, and Android devices, reports The Hacker News.
Threat actors have hijacked the PyPI package dubbed "ctx" and the "phpass" PHP package to facilitate AWS credential exfiltration, reports The Hacker News.
Sixty-five major cyberattacks against blockchain and decentralized platforms last year resulted in $1.8 billion in losses, even though 90% of the intrusions were deemed to be "unsophisticated," ZDNet reports.
Amazon Web Services has been urged by Access Now, Just Futures Law, the Immigration Defense Project, and other digital and human rights activists to cancel a contract for hosting the Department of Homeland Security's new biometric data collection system, which invades privacy and human rights, CyberScoop reports.