reporter

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands ofView the full article

Coding agents like Claude Code, Gemini CLI, Codex, Kiro, and OpenCode are changing how developers work. But as these agents become more autonomous with capabilities like deleting repos, modifying files, and accessing secrets, developers face a real problem: how do you give agents enough access to be useful without adding unnecessary risk to your local environment? A More Effective Way to Run Local Coding Agents Safely. We’re working on an approach that lets you run coding agents in purpose-built, isolated local environments. Local sandboxes from Docker that wrap agents in containers that mirror your local workspace and enforce strict boundaries across all the coding agents you use. The idea is to give agents the access they need while maintaining isolation from your local system. Today’s experimental release runs agents as containers inside Docker Desktop’s VM, but we will be switching to running them inside of dedicated microVMs for more defense in depth and to improve the experience of agents executing Docker containers securely. What’s Available Now (Experimental Preview). This is an experimental preview. Commands may change and you shouldn’t rely on this for production workflows yet. Here’s what you get today: Container-based isolation: Agents can run code, install packages, and modify files within a bind mounted workspace directory. Filesystem isolation: Process containment, resource limits, and filesystem scoping, protecting your local system. Broad agent support: Native support for Claude Code and Gemini CLI, with more coding agents support coming soon. Why We Are Taking this Approach. We don’t think operating system-level approaches have the right long-term shape: They sandbox only the agent process itself, not the full environment the agent needs. This means the agent constantly needs to access the host system for basic tasks (installing packages, running code, managing dependencies), leading to constant permission prompts that interrupt workflows. They aren’t consistent across platforms. Container-based isolation is designed for exactly the kind of dynamic, iterative workflows that coding agents need. You get flexibility without brittleness. Although this structure is meant to be general-purpose, we’re starting for specific, pre-configured coding agents. Rather than trying to be a solution for all kinds of agents out of the box, this approach lets us solve real developer problems and deliver a great experience. We’ll support other use cases in the future, but for now, coding agents are where we can make the biggest impact. Here’s How You Can Try It. Today’s experimental preview works natively with Claude Code and Gemini CLI. We’re building for other agents developers use. With Docker Desktop 4.50 and later installed, run: docker sandbox run <agent> This creates a new isolated environment with your current working directory bind mounted. What’s Next. Better support and UX for running multiple agents in parallel Granular network access controls Granular token and secret management for multi-agent workflows Centralized policy management and auditability MicroVM-based isolation architecture Support for additional coding agents Try It and Share Your Feedback. We’re building this alongside developers. As you experiment with Docker Sandboxes, we want to hear about your use cases and what matters most to your workflow. Send your feedback to: [email protected] We believe sandboxing should be how every coding agent runs, everywhere. This is an early step, and we need your input to get there. We’re building toward a future where there’s no compromise: where you can let your agents run free while protecting everything that matters. View the full article

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising," Acronis said in aView the full article

In today’s software-driven economy, securing software supply chains is no longer optional, it’s mission-critical. Yet enterprises often struggle to balance developer speed and security. According to theCUBE Research, 95% of organizations say Docker improved their ability to identify and remediate vulnerabilities, while 79% rate it highly effective at maintaining compliance with security standards. Docker embeds security directly into the developer workflow so that protection happens by default, not as an afterthought. At the foundation are Docker Hardened Images, which are ultra-minimal, continuously patched containers that cut the attack surface by up to 95% and achieve near-zero CVEs. These images, combined with Docker Scout’s real-time vulnerability analysis, allow teams to prevent, detect, and resolve issues early, keeping innovation and security in sync. The result: 92% of enterprises report fewer application vulnerabilities, and 60% see reductions of 25% or more. Docker also secures agentic AI development through the MCP Catalog, Toolkit, and Gateway. These tools provide a trusted, containerized way to run Model Context Protocol (MCP) servers that power AI agents, ensuring communication happens in a secure, auditable, and isolated environment. According to theCUBE Research, 87% of organizations reduced AI setup time by over 25%, and 95% improved AI testing and validation, demonstrating that Docker makes AI development both faster and safer. With built-in Zero Trust principles, role-based access controls, and compliance support for SOC 2, ISO 27001, and FedRAMP, Docker simplifies adherence to enterprise-grade standards without slowing developers down. The payoff is clear: 69% of enterprises report ROI above 101%, driven in part by fewer security incidents, faster delivery, and improved productivity. In short, Docker’s modern approach to DevSecOps enables enterprises to build, ship, and scale software that’s not only fast, but fundamentally secure. Docker’s impact on software supply chain security Docker has evolved into a complete development platform that helps enterprises build, secure, and deploy modern and agentic AI applications with trusted DevSecOps and containerization practices. From Docker Hardened Images, which are secure, minimal, and production-ready container images with near-zero CVEs, to Docker Scout’s real-time vulnerability insights and the MCP Toolkit for trusted AI agents, teams gain a unified foundation for software supply chain security. Every part of the Docker ecosystem is designed to blend in with existing developer workflows while making security affordable, transparent, and universal. Whether you want to explore the breadth of the Docker Hardened Images catalog, analyze your own image data with Docker Scout, or test secure AI integration through the MCP Gateway, it is easy to see how Docker embeds security by default, not as an afterthought. Review additional resources Read more in our latest blog about ROI of working with Docker theCUBE Research Report and eBook – economic validation of Docker Explore Docker Hardened Images and start a 30-day free trial View Hardened Images and Helm Charts on Docker Hub Explore Docker Scout View the full article

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's browser, which can be used outside the perimeter of the compromised infrastructure to accessView the full article

2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global world instability, coupled with rapid technological advancement, will force security teams to adapt not just theirView the full article

Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader," Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. "Users unknowinglyView the full article

Rights activists urged the European Union to investigate widespread human rights violations in Pakistan, including persecution of religious minorities, ahead of a review starting Monday by a key EU mission monitoring the country’s eligibility for preferential trade terms.View the full article

The Church of England is urging the government to step up financial support for historic churches and cathedrals after a new poll by Savanta found that many people use and appreciate them. View the full article

Women priests and a papal visit in 2010 all helped ease the path to Rome.View the full article

Having already managed to close down at least 50 private schools via VAT, concerns are mounting that a similar financial assault will take its toll on the nation’s churches.View the full article

Support for Israel is a divisive topic among Christians, and has theological roots.View the full article

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app,View the full article

Growing up may have complicated life, but it doesn’t have to suffocate your faith.View the full article

"In the long term, secularism grows in Europe because we're not investing in teenagers and the next generation with Christian values," said Lucian Mustata, who is working with the university on its digital expansion into the region.View the full article

On November 21, 2025, security researchers detected the beginning of what would become one of the most aggressive npm supply chain attacks to date. The Shai Hulud 2.0 campaign compromised over 25,000 GitHub repositories within 72 hours, targeting packages from major organizations including Zapier, ENS Domains, PostHog, and Postman. The malware’s self-propagating design created a compounding threat that moved at container speed, not human speed. This variant executed during npm’s preinstall phase, harvesting developer credentials, GitHub tokens, and cloud provider secrets before packages even finished installing. Stolen credentials appeared in public GitHub repositories labeled “Sha1-Hulud: The Second Coming,” creating a secondary attack vector as threat actors recycled tokens to publish additional malicious packages. Researchers tracked approximately 1,000 new compromised repositories appearing every 30 minutes at the attack’s peak. For teams using npm packages in their containerized applications, this attack represented exposure not just to credential theft initially but also to systematic supply chain compromise that could persist across rebuild cycles and burrow deep into supply chains. Docker’s real-time response architecture According to Google Mandiant’s 2023 vulnerability analysis, the average time-to-exploit for vulnerabilities has collapsed from 63 days in 2018-19 to just five days. With Shai Hulud-type attacks on the rise, the likely compression of the vulnerability window will move from days to hours. Within hours of security researchers publishing indicators of compromise, Docker Security created DSA-2025-1124, a Docker Security Advisory that encoded detection rules for the Shai Hulud 2.0 malware signatures. This advisory immediately entered Docker Scout’s continuous monitoring pipeline, where it followed the same automated workflow that handles CVE ingestion. Here’s how the protection deployed: Automatic threat intelligence ingestion: Docker Scout continuously ingests security intelligence from multiple published sources. Scout’s ingestion pipeline identified the malicious package indicators and malware signatures from these sources and propagated them within seconds. Instant supply chain analysis: Docker Scout cross-referenced the threat intelligence against SBOMs from all Docker Hardened Images and customer images under Scout protection. This analysis identified which images, if any, contained dependencies from the compromised package ecosystem, enabling immediate risk assessment across the entire Docker registry. Automated detection distribution: The DSA containing Shai Hulud 2.0 detection rules propagated through Scout’s monitoring infrastructure automatically. Every Docker Scout-protected environment gained the ability to flag malicious packages based on the latest threat intelligence, without requiring manual policy updates or signature downloads. Continuous verification: As Docker Security performed immediate scans of all Docker GitHub Enterprise repositories (which returned no findings), the same SBOM-based verification confirmed that Docker Hardened Images contained no compromised packages. From threat disclosure to deployed protection, the response cycle completed in hours. Organizations using Docker Scout received alerts identifying any exposure to the compromised packages while the attack was still unfolding, allowing them to mount a timely response and protect their infrastructure. Why Docker’s approach creates verifiable protection Docker’s response to Shai Hulud 2.0 demonstrates why security architecture must assume attacks will move faster than human response times. Real-time protection: Traditional vulnerability management treats each threat as a discrete event requiring investigation, triage, and manual remediation. Docker Scout’s architecture treats threat intelligence as streaming data, continuously updating detection capabilities the moment new indicators become available. Unified telemetry eliminates blind spots: The integration between Scout’s monitoring, DHI’s build pipeline, and Docker’s supply chain tracking provides complete visibility into what’s running and where it came from. When the Shai Hulud malware attempted to compromise the npm ecosystem, Docker’s architecture could immediately answer: “Do we have exposure?” Cryptographic verification enables trust under fire: Every Docker Hardened Image ships with complete SBOMs, cryptographic signatures, and verifiable build provenance. During an active supply chain attack, this transparency becomes operational capability. Security teams can prove to auditors, incident responders, and leadership exactly what’s running in production, which versions are deployed, and whether any compromised packages made it through the supply chain. Speed that matches attack velocity: Self-propagating malware spreads through automated exploitation. This means you have to move fast. Docker’s remediation pipeline doesn’t wait for security teams to file tickets or schedule maintenance windows. When threats emerge, the pipeline automatically initiates detection updates, verifies image integrity, and flags exposure based on factual SBOM data. The five pillars prove themselves under pressure Docker’s security architecture rests on five pillars that proved themselves under pressure: minimal attack surface, complete SBOMs, verifiable provenance, exploitability context, and cryptographic verification. During Shai Hulud 2.0, these worked together as implemented controls that functioned automatically, enabling teams to verify exposure immediately through SBOMs, prove integrity through cryptographic signatures, and focus response on actually weaponized packages. Even if your organization does not use Docker Hardened Images, by using Docker Scout you get the same detection speed via Scout-generated SBOMs, which are optimized for transparency and speed. Supply chain security at container speed We believe that increasingly, modern supply chain attacks targeting the package infrastructure will be designed to outrun traditional security response times. The only viable response is security architecture and response mechanism that can match this speed. If your security team is still chasing alerts from last month’s supply chain attack, or if you’re uncertain whether your container images contain compromised dependencies, Docker offers a different approach. Learn more about how Docker Scout and Hardened Images deliver continuous, verifiable protection, or contact our team to discuss how real-time security architecture applies to your specific environment. View the full article

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers. Superbox media streaming boxes for sale on Walmart.com. Superbox bills itself as an affordable way for households to stream all of the television and movie content they could possibly want, without the hassle of monthly subscription fees — for a one-time payment of nearly $400. “Tired of confusing cable bills and hidden fees?,” Superbox’s website asks in a recent blog post titled, “Cheap Cable TV for Low Income: Watch TV, No Monthly Bills.” “Real cheap cable TV for low income solutions does exist,” the blog continues. “This guide breaks down the best alternatives to stop overpaying, from free over-the-air options to one-time purchase devices that eliminate monthly bills.” Superbox claims that watching a stream of movies, TV shows, and sporting events won’t violate U.S. copyright law. “SuperBox is just like any other Android TV box on the market, we can not control what software customers will use,” the company’s website maintains. “And you won’t encounter a law issue unless uploading, downloading, or broadcasting content to a large group.” A blog post from the Superbox website. There is nothing illegal about the sale or use of the Superbox itself, which can be used strictly as a way to stream content at providers where users already have a paid subscription. But that is not why people are shelling out $400 for these machines. The only way to watch those 2,200+ channels for free with a Superbox is to install several apps made for the device that enable them to stream this content. Superbox’s homepage includes a prominent message stating the company does “not sell access to or preinstall any apps that bypass paywalls or provide access to unauthorized content.” The company explains that they merely provide the hardware, while customers choose which apps to install. “We only sell the hardware device,” the notice states. “Customers must use official apps and licensed services; unauthorized use may violate copyright law.” Superbox is technically correct here, except for maybe the part about how customers must use official apps and licensed services: Before the Superbox can stream those thousands of channels, users must configure the device to update itself, and the first step involves ripping out Google’s official Play store and replacing it with something called the “App Store” or “Blue TV Store.” Superbox does this because the device does not use the official Google-certified Android TV system, and its apps will not load otherwise. Only after the Google Play store has been supplanted by this unofficial App Store do the various movie and video streaming apps that are built specifically for the Superbox appear available for download (again, outside of Google’s app ecosystem). Experts say while these Android streaming boxes generally do what they advertise — enabling buyers to stream video content that would normally require a paid subscription — the apps that enable the streaming also ensnare the user’s Internet connection in a distributed residential proxy network that uses the devices to relay traffic from others. Ashley is a senior solutions engineer at Censys, a cyber intelligence company that indexes Internet-connected devices, services and hosts. Ashley requested that only her first name be used in this story. In a recent video interview, Ashley showed off several Superbox models that Censys was studying in the malware lab — including one purchased off the shelf at BestBuy. “I’m sure a lot of people are thinking, ‘Hey, how bad could it be if it’s for sale at the big box stores?'” she said. “But the more I looked, things got weirder and weirder.” Ashley said she found the Superbox devices immediately contacted a server at the Chinese instant messaging service Tencent QQ, as well as a residential proxy service called Grass IO. GET GRASSED Also known as getgrass[.]io, Grass says it is “a decentralized network that allows users to earn rewards by sharing their unused Internet bandwidth with AI labs and other companies.” “Buyers seek unused internet bandwidth to access a more diverse range of IP addresses, which enables them to see certain websites from a retail perspective,” the Grass website explains. “By utilizing your unused internet bandwidth, they can conduct market research, or perform tasks like web scraping to train AI.” Reached via Twitter/X, Grass founder Andrej Radonjic told KrebsOnSecurity he’d never heard of a Superbox, and that Grass has no affiliation with the device maker. “It looks like these boxes are distributing an unethical proxy network which people are using to try to take advantage of Grass,” Radonjic said. “The point of grass is to be an opt-in network. You download the grass app to monetize your unused bandwidth. There are tons of sketchy SDKs out there that hijack people’s bandwidth to help webscraping companies.” Radonjic said Grass has implemented “a robust system to identify network abusers,” and that if it discovers anyone trying to misuse or circumvent its terms of service, the company takes steps to stop it and prevent those users from earning points or rewards. Superbox’s parent company, Super Media Technology Company Ltd., lists its street address as a UPS store in Fountain Valley, Calif. The company did not respond to multiple inquiries. According to this teardown by behindmlm.com, a blog that covers multi-level marketing (MLM) schemes, Grass’s compensation plan is built around “grass points,” which are earned through the use of the Grass app and through app usage by recruited affiliates. Affiliates can earn 5,000 grass points for clocking 100 hours usage of Grass’s app, but they must progress through ten affiliate tiers or ranks before they can redeem their grass points (presumably for some type of cryptocurrency). The 10th or “Titan” tier requires affiliates to accumulate a whopping 50 million grass points, or recruit at least 221 more affiliates. Radonjic said Grass’s system has changed in recent months, and confirmed the company has a referral program where users can earn Grass Uptime Points by contributing their own bandwidth and/or by inviting other users to participate. “Users are not required to participate in the referral program to earn Grass Uptime Points or to receive Grass Tokens,” Radonjic said. “Grass is in the process of phasing out the referral program and has introduced an updated Grass Points model.” A review of the Terms and Conditions page for getgrass[.]io at the Wayback Machine shows Grass’s parent company has changed names at least five times in the course of its two-year existence. Searching the Wayback Machine on getgrass[.]io shows that in June 2023 Grass was owned by a company called Wynd Network. By March 2024, the owner was listed as Lower Tribeca Corp. in the Bahamas. By August 2024, Grass was controlled by a Half Space Labs Limited, and in November 2024 the company was owned by Grass OpCo (BVI) Ltd. Currently, the Grass website says its parent is just Grass OpCo Ltd (no BVI in the name). Radonjic acknowledged that Grass has undergone “a handful of corporate clean-ups over the last couple of years,” but described them as administrative changes that had no operational impact. “These reflect normal early-stage restructuring as the project moved from initial development…into the current structure under the Grass Foundation,” he said. UNBOXING Censys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined. She also discovered the streaming boxes included powerful network analysis and remote access tools, such as Tcpdump and Netcat. “This thing DNS hijacked my router, did ARP poisoning to the point where things fall off the network so they can assume that IP, and attempted to bypass controls,” she said. “I have root on all of them now, and they actually have a folder called ‘secondstage.’ These devices also have Netcat and Tcpdump on them, and yet they are supposed to be streaming devices.” A quick online search shows various Superbox models and many similar Android streaming devices for sale at a wide range of top retail destinations, including Amazon, BestBuy, Newegg, and Walmart. Newegg.com, for example, currently lists more than three dozen Superbox models. In all cases, the products are sold by third-party merchants on these platforms, but in many instances the fulfillment comes from the e-commerce platform itself. “Newegg is pretty bad now with these devices,” Ashley said. “Ebay is the funniest, because they have Superbox in Spanish — the SuperCaja — which is very popular.” Superbox devices for sale via Newegg.com. Ashley said Amazon recently cracked down on Android streaming devices branded as Superbox, but that those listings can still be found under the more generic title “modem and router combo” (which may be slightly closer to the truth about the device’s behavior). Superbox doesn’t advertise its products in the conventional sense. Rather, it seems to rely on lesser-known influencers on places like Youtube and TikTok to promote the devices. Meanwhile, Ashley said, Superbox pays those influencers 50 percent of the value of each device they sell. “It’s weird to me because influencer marketing usually caps compensation at 15 percent, and it means they don’t care about the money,” she said. “This is about building their network.” A TikTok influencer casually mentions and promotes Superbox while chatting with her followers over a glass of wine. BADBOX As plentiful as the Superbox is on e-commerce sites, it is just one brand in an ocean of no-name Android-based TV boxes available to consumers. While these devices generally do provide buyers with “free” streaming content, they also tend to include factory-installed malware or require the installation of third-party apps that engage the user’s Internet address in advertising fraud. In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud. Google said the BADBOX 2.0 botnet, in addition to compromising multiple types of devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces. Some of the unofficial Android devices flagged by Google as part of the Badbox 2.0 botnet are still widely for sale at major e-commerce vendors. Image: Google. Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites. For example, searching for the “X88Pro 10” and the “T95” Android streaming boxes finds both continue to be peddled by Amazon sellers. Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malicious software prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. “Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity,” the FBI said. The FBI said BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. The original BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase. Riley Kilmer is founder of Spur, a company that tracks residential proxy networks. Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network. Kilmer and others say IPidea is merely a rebrand of 911S5 Proxy, a China-based proxy provider sanctioned last year by the U.S. Department of the Treasury for operating a botnet that helped criminals steal billions of dollars from financial institutions, credit card issuers, and federal lending programs (the U.S. Department of Justice also arrested the alleged owner of 911S5). How are most IPidea customers using the proxy service? According to the proxy detection service Synthient, six of the top ten destinations for IPidea proxies involved traffic that has been linked to either ad fraud or credential stuffing (account takeover attempts). Kilmer said companies like Grass are probably being truthful when they say that some of their customers are companies performing web scraping to train artificial intelligence efforts, because a great deal of content scraping which ultimately benefits AI companies is now leveraging these proxy networks to further obfuscate their aggressive data-slurping activity. By routing this unwelcome traffic through residential IP addresses, Kilmer said, content scraping firms can make it far trickier to filter out. “Web crawling and scraping has always been a thing, but AI made it like a commodity, data that had to be collected,” Kilmer told KrebsOnSecurity. “Everybody wanted to monetize their own data pots, and how they monetize that is different across the board.” SOME FRIENDLY ADVICE Products like Superbox are drawing increased interest from consumers as more popular network television shows and sportscasts migrate to subscription streaming services, and as people begin to realize they’re spending as much or more on streaming services than they previously paid for cable or satellite TV. These streaming devices from no-name technology vendors are another example of the maxim, “If something is free, you are the product,” meaning the company is making money by selling access to and/or information about its users and their data. Superbox owners might counter, “Free? I paid $400 for that device!” But remember: Just because you paid a lot for something doesn’t mean you are done paying for it, or that somehow you are the only one who might be worse off from the transaction. It may be that many Superbox customers don’t care if someone uses their Internet connection to tunnel traffic for ad fraud and account takeovers; for them, it beats paying for multiple streaming services each month. My guess, however, is that quite a few people who buy (or are gifted) these products have little understanding of the bargain they’re making when they plug them into an Internet router. Superbox performs some serious linguistic gymnastics to claim its products don’t violate copyright laws, and that its customers alone are responsible for understanding and observing any local laws on the matter. However, buyer beware: If you’re a resident of the United States, you should know that using these devices for unauthorized streaming violates the Digital Millennium Copyright Act (DMCA), and can incur legal action, fines, and potential warnings and/or suspension of service by your Internet service provider. According to the FBI, there are several signs to look for that may indicate a streaming device you own is malicious, including: -The presence of suspicious marketplaces where apps are downloaded. -Requiring Google Play Protect settings to be disabled. -Generic TV streaming devices advertised as unlocked or capable of accessing free content. -IoT devices advertised from unrecognizable brands. -Android devices that are not Play Protect certified. -Unexplained or suspicious Internet traffic. This explainer from the Electronic Frontier Foundation delves a bit deeper into each of the potential symptoms listed above. View the full article

Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said inView the full article

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, JFrog, Koi Security, ReversingLabs, SafeDep, Socket, Step Security, and Wiz. The trojanizedView the full article

At least four Christians were killed, including one who was beheaded, in recent attacks across Nampula province.View the full article

Pope Leo XIV has issued an appeal for the liberation of students, clergy, and worshippers abducted in a series of violent attacks across Nigeria and Cameroon.View the full article

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AIView the full article

New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of itView the full article

A Christian street preacher who was accused of making Islamophobic comments to a Muslim family has been cleared of harassment charges. View the full article

Teacher says students are taught to ‘reject evil rather than engage with it’View the full article