3 fake npm packages mimicking Telegram Bot API added SSH backdoors on Linux, risking persistent access.
CVE-2025–2492 flaw in ASUS AiCloud routers allows remote control; firmware fix issued for 4 versions.
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems.
On Saturday morning, numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically.
Impacted customers initially thought the account lockouts were tied to the rollout of a new enterprise application called “MACE Credential Revocation,” installed minutes before the alerts were issued.
A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.
Scallywag was uncovered by bot and fraud detection firm HUMAN, which mapped a network of 407 domains supporting the operation that peaked at 1.4 billion fraudulent ad requests per day.
HUMAN’s efforts to block and report Scallywag traffic have resulted in its shrinking by 95%, although the threat actors have shown resilience by rotating domains and moving to other monetization models.
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins.
The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials.
The fraudulent message appeared to come from “[email protected]” and passed the DomainKeys Identified Mail (DKIM) authentication method but the real sender was different.
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE.
A proposed protocol allows for the teleportation of collective spin-coherent states, as well as entangled spin-squeezed and Dicke states, between nuclear spin degrees of freedom in a two-dimensional trapped-ion crystal. Beyond teleportation, generalizations of the protocol could be used for retroactive squeezing generation and enhanced displacement sensing in a Penning trap, as well as in other systems featuring collective spin-spin interactions within synthetic dimensions or spatially separated arrays.
Our brains can adapt to filter out repeated distractions, according to a new EEG study.
Tuberculosis (TB) is an infectious disease that kills more than a million people worldwide every year. The pathogen that causes the disease, Mycobacterium tuberculosis, is deadly in part because of its complex outer envelope, which helps it evade immune responses of infected hosts.
In an ACS Infectious Diseases paper, researchers developed a chemical probe to study a key component of this envelope. Their results provide a step toward finding new ways of inactivating the bacterium.
Because curing TB requires taking drugs for months, which can result in TB resistance to some antibiotics, scientists are working to develop new treatments. One possible target is the bacterium’s outermost layer, called the mycomembrane, which protects the bacteria from stressors. When M. tuberculosis is attacked by a host’s macrophage immune cells, the mycomembrane produces compounds that suppress the infected host’s immune response.
Researchers have achieved a major leap in quantum computing by simulating Google’s 53-qubit Sycamore circuit using over 1,400 GPUs and groundbreaking algorithmic techniques. Their efficient tensor network methods and clever “top-k” sampling approach drastically reduce the memory and computational