Reading view

↗️

Can't make sense of Dashlane's vault theft notification? You're not alone.

✇Ars Technica
By: Dan Goodin

There’s a lot that doesn’t add up in a security advisory password manager Dashlane published Monday, warning that attackers managed to obtain 20 encrypted user vaults.

“Starting on Sunday, May 31, 2026, an external party launched a brute force attack against certain Dashlane user accounts,” the company said. “The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts.”

Hello, Dashlane, anybody home?

A Dashlane user who received such a 2FA request provided this screenshot of the notification, which arrived on Sunday.

Read full article

Comments

© Dashlane

  •  
  • ↗️
↗️

Dozens of Red Hat packages backdoored through its official NPM channel

✇Ars Technica
By: Dan Goodin

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.

The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.

The vicious cycle of today’s supply-chain attacks

It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.

Read full article

Comments

© istanbulimage via Getty

  •  
  • ↗️
↗️

Botnet of more than 17 million devices dismantled

✇Ars Technica
By: Dan Goodin

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center.

The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands.

Used for criminal purposes

“The police then seized several botnet servers from a hosting provider for investigation,” the NCSC said. “The botnet was taken offline by the provider because it was used for criminal purposes.”

Read full article

Comments

© Aurich Lawson / Ars Technica

  •  
  • ↗️
❌