-
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo…
-
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon’s 2024 Data Breach Investigations Report, 57% of companies experience over
-
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis. Credential stuffing is…
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
Tesla’s grip on Oregon EV sales loosens amid Musk’s controversial political moves
Oregon’s electric vehicle adoption rate is showing signs of slowing, as the dominant EV maker, Tesla, faces a backlash from the political actions of its CEO.
-
Instrument, Vanport Studio team to give startups Fortune 500 support
Portland is a hive of creative talent and brand building. A new program from agency Instrument and Vanport Studio aims that talent at small businesses.
-
Oregon lawmakers will consider a sales tax on beer, cider and wine
Tax hikes on producers have failed in the past and Oregonians have consistently rejected sales taxes of any sort.
-
Portland nonprofit left with $75K shortfall with federal funding freeze
A State Department pause on federal funding has turned into an indefinite freeze of $75,000 in funding for WorldOregon.
-
Kroger fires back, countersues as Albertsons makes fresh accusations tied to merger collapse
Kroger Co. has filed an answer to Albertsons Cos. Inc.’s lawsuit against it regarding the companies’ failed $24.6 billion merger and made counterclaims against its former acquisition target, claiming Albertsons actually undermined the deal. Albertsons also made additional claims against Kroger.
