-
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below – node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain
-
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. “An improper authentication control vulnerability exists in certain ASUS router firmware series,”
-
Restaurant Roundup: Portland chefs lined up for Unfork the Planet in Portland
A dozen Oregon chefs look to Unfork the Planet with Zero Foodprint. Plus, cocktail bars Too Soon, Palomar and Pacific Standard land hospitality best-of nods.
-
A big arts funder on the state of the sector and how a $52M ‘love letter’ is working
The pandemic dealt the arts sector a body blow, but Oregon Community Foundation has helped organizations to stabilize and figure out what’s next.
-
Vancouver development boom gains momentum
Vancouver’s waterfront and downtown are buzzing with construction activity, signaling a period of growth that stands out in the region.
-
Behind Wall Street firms’ fight over a one-time Portland unicorn
A fight between the troubled company’s largest shareholders is heating up.
-
Bluesky customization tool Graze snags $1M
A pair of Portland tech vets landed investment for their tool that allows consumers to control their content feeds on social media app Bluesky.
-
Portland City Council wants to reject PGE’s Forest Park project
At the end of a hearing that stretched past five hours on Thursday, councilors all weighed in against PGE.
-
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024. “The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,'” Cisco Talos researchers…
-
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. “Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.…
