Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
237 articles

#Supply Chain

All CosmicBytez Labs articles tagged #Supply Chain, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    Ernst & Young Discloses Data Breach After Third-Party IT Support System Hacked

    Ernst & Young is notifying customers of a data breach stemming from the compromise of a third-party support ticket system used by its IT personnel, highlighting the continued risk posed by vendor and supply chain attacks on major enterprises.

  • NewsJul 17, 2026

    GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

    Cybersecurity researchers at Expel have attributed the April 2026 DigiCert security incident to CylindricalCanine, a sub-group of the Chinese APT known as GoldenEyeDog (APT-Q-27, Dragon Breath). The threat actors stole code-signing certificates to legitimize malicious software.

  • NewsJul 17, 2026

    Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

    Checkmarx researchers uncovered ViteVenom — seven malicious npm packages impersonating the Vite ecosystem that use blockchain-based command-and-control infrastructure to deploy a remote access trojan. The campaign is an expansion of the ChainVeil threat actor.

  • NewsJul 16, 2026

    2-Click Cursor Exploit Enables Dev Environment Takeover

    DeepJack: two clicks in Cursor IDE silently installs a malicious MCP server with full user privileges, stealing source code and secrets. Unpatched in July 2026.

  • NewsJul 15, 2026

    Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

    A design flaw in the Cursor AI code editor on Windows executes any file named git.exe found in the root of a cloned project directory — automatically, with no prompt or warning, simply by opening the repository. Malicious repositories can weaponize this to steal SSH keys, cloud tokens, and source code on first open.

  • NewsletterJul 14, 2026

    Weekly Digest #27 — Zero-Days Everywhere, Sanctions Escalate, and Your Browser Extension Just Betrayed You

    This week: Progress ShareFile and SonicWall hit with chained zero-days, the US sanctions its first VPN provider, ShinyHunters walks into Salesforce through the front door, and a 1.6M-install browser extension was hiding a dormant data collector the whole time.

  • NewsJul 13, 2026

    Google and Microsoft Pull ModHeader After Hidden Tracker Found in 1.6M-Install Extension

    Google and Microsoft have removed ModHeader — a popular HTTP header editor with 1.6 million installs across Chrome and Edge — after researchers discovered a dormant browsing-history collector hidden inside the extension's official store version.

  • NewsJul 13, 2026

    Lidl Discloses Online Shop Breach After Service Provider Hack

    German supermarket giant Lidl has notified customers in Germany, Belgium, and the Netherlands that personal data was stolen following a breach at one of its third-party service providers — a supply chain attack exposing the limits of vendor security controls in retail e-commerce.

  • NewsJul 11, 2026

    Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

    The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...

  • NewsJul 11, 2026

    'Ghostcommit' Hides Prompt Injection in Images to Fool AI Agents and Steal Secrets

    Security researchers have demonstrated 'Ghostcommit,' a technique that embeds prompt injection payloads inside PNG images to bypass AI code review tools...

  • NewsJul 10, 2026

    Hackers Exploit Critical Auth Bypass in Official Gitea Docker Image

    Attackers are actively exploiting a critical authentication bypass in the official Gitea Docker image, allowing unauthenticated users to impersonate any...

  • NewsJul 10, 2026

    Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

    An unprotected 800MB server left open for three weeks exposed the full toolkit of a webshell access brokerage operation targeting 1.4 million domains....

  • NewsJul 9, 2026

    AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

    Researchers at the AI Now Institute have demonstrated a 'Friendly Fire' attack that tricks AI coding agents — including Claude Code, Gemini CLI, and...

  • SecurityJul 8, 2026

    CVE-2011-10043: Perl Module::Load Arbitrary Module Injection Resurfaces

    A decade-old CVSS 9.8 flaw in Perl's Module::Load (before 0.22) allows attackers to load arbitrary modules outside @INC via '::'-prefixed names. Now...

  • NewsJul 7, 2026

    What Changes When AI Writes Your Code: Supply Chain Security in the Age of LLMs

    Software supply chain security was already complex. Now that AI coding assistants are writing production code, security teams face new questions about...

  • NewsletterJul 7, 2026

    Weekly Digest #26 — AI Ransomware, Mega-Breaches, and the Supply Chain Under Siege

    This week: the first fully autonomous LLM-powered ransomware attack, 16 million people caught in two massive breaches, North Korean supply chain...

  • NewsJul 6, 2026

    North Korean Hackers Target Open Source Developers in Supply Chain Attacks

    The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer...

  • NewsJul 5, 2026

    'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat

    Palo Alto Networks Unit 42 queried AI models 685,000+ times and found they hallucinate 2.1 million plausible-but-fake domains — attackers are now...

  • NewsJul 4, 2026

    North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

    JFrog researchers attribute a fresh npm supply chain campaign to North Korea's Lazarus Group. Malicious packages impersonating Rollup polyfill tooling...

  • NewsJul 4, 2026

    North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign

    Threat actors linked to North Korea's Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist,...

  • NewsJul 3, 2026

    7 Unpatched Flaws Disclosed in FatFs Filesystem Used in Millions of Embedded Devices

    Security firm runZero has disclosed seven vulnerabilities in FatFs, a widely used FAT/exFAT filesystem library embedded in cameras, drones, crypto...

  • NewsJul 2, 2026

    Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

    IBM and Red Hat announced Project Lightwell — a $5 billion commitment to secure open-source supply chains using Anthropic's Mythos AI model, which found...

  • NewsJul 2, 2026

    Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

    Anubis ransomware affiliates are exploiting CVE-2025-5777 (Citrix Bleed 2) for initial access while pairing BYOVD techniques and stolen supply chain...

  • NewsJun 30, 2026

    Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

    Security researchers have found that classic Bash shell techniques — some dating back decades — can bypass the safeguards in most open-source AI coding...

  • NewsletterJun 30, 2026

    June 30 Digest: BlueHammer Zero-Day, Ransomware Goes Corporate, AI Supply Chain Risks & Nation-State ICS Threats

    A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...

  • NewsJun 29, 2026

    Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

    A heap overflow in libssh2's transport layer allows a malicious SSH server to achieve pre-authentication RCE against any connecting client. All versions...

  • NewsJun 29, 2026

    Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

    Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...

  • NewsJun 28, 2026

    $3 Million Reportedly Stolen in Polymarket Hack

    Decentralized prediction market Polymarket confirmed a security incident in which approximately $3 million was stolen after hackers compromised a...

  • NewsJun 27, 2026

    Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

    Researchers demonstrate how a seemingly clean, scanner-safe GitHub repository can silently execute a malicious payload when an AI coding agent clones and...

  • NewsJun 27, 2026

    Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

    Rising third-party breach incidents are forcing schools and universities to play defense as ransomware gangs and supply chain attackers increasingly...

  • NewsJun 26, 2026

    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...

  • NewsJun 26, 2026

    More Klue Breach Victims Identified as Hackers Get Hacked

    Roughly two dozen companies have notified their customers of impact from the Klue-Salesforce breach incident — a cascade that now includes the hackers...

  • NewsJun 25, 2026

    More Malicious OpenClaw Skills Threaten AI Supply Chain

    Unit 42 researchers identified five persistent malicious skill packages on ClawHub — OpenClaw's AI agent marketplace — including infostealers disguised as...

  • NewsJun 25, 2026

    Three 'Cybercrime-as-a-Service' Operations Undercut by Microsoft and Law Enforcement

    A two-week joint operation by Microsoft and Europol dismantled three major malware-as-a-service platforms — StealC, Amadey, and SocGholish — seizing 326...

  • NewsJun 24, 2026

    Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

    Novee Security researchers have identified a critical exploitable CI/CD workflow pattern dubbed Cordyceps that enables attackers to hijack GitHub Actions...

  • NewsJun 24, 2026

    Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

    Security researchers have disclosed a class of exploitable flaws in CI/CD pipeline configurations that allow unauthenticated attackers to take full...

  • NewsJun 24, 2026

    FFmpeg PixelSmash: CVE-2026-8461 Enables RCE via Crafted Video Files Across Thousands of Apps

    A heap out-of-bounds write in FFmpeg's MagicYUV decoder — CVE-2026-8461, CVSS 8.8 — lets attackers execute shell commands by delivering a 50 KB video...

  • NewsJun 24, 2026

    Tata Electronics Confirms Cyberattack; World Leaks Exposes Apple Manufacturing IP

    World Leaks — the rebranded extortion wing of the defunct Hunters International ransomware group — has leaked Apple manufacturing data stolen from Tata...

  • NewsJun 24, 2026

    Microsoft and Europol Dismantle Three Cybercrime-as-a-Service Operations

    Microsoft and Europol jointly targeted the full CaaS supply chain, seizing 300+ servers and disrupting SocGholish, Amadey, and StealC malware infrastructure.

  • NewsJun 23, 2026

    GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

    GitHub released actions/checkout v7 on June 18, 2026, adding default protections that refuse to fetch fork PR code inside pull_request_target workflows —...

  • NewsJun 23, 2026

    LastPass Confirms Data Breach in Klue Supply Chain Attack

    The Icarus extortion group compromised Klue, an AI-powered competitive intelligence platform, harvesting OAuth tokens to drain CRM data from hundreds of...

  • NewsJun 23, 2026

    Scope of Salesforce Attacks Expands as Icarus Leaks Stolen Data

    More victims have surfaced after attackers breached application vendor Klue and abused its OAuth tokens to access customers' Salesforce environments. The...

  • NewsletterJun 23, 2026

    June 23 Digest: FortiBleed, Klue/Salesforce Supply Chain, Squidbleed, GitHub Actions Fix

    A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...

  • NewsJun 22, 2026

    ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack, with attackers injecting backdoor code into Pro plugin releases...

  • NewsJun 22, 2026

    Texas Parks & Wildlife Data Breach Affects 3 Million Individuals

    Hackers stole personal information including driver's license and passport numbers after breaching a third-party license vendor serving the Texas Parks...

  • NewsJun 21, 2026

    Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

    Microsoft has attributed a 88-minute automated supply chain attack against 142 Mastra AI npm packages — with over 1.1 million combined weekly downloads —...

  • NewsJun 21, 2026

    Nintendo Confirms Employee Data Stolen in TinyPulse Cyberattack by Shadowbyt3$

    Nintendo of America has confirmed that approximately 1GB of employee data — including W-9 forms, bank statements, and HR survey responses — was...

  • NewsJun 21, 2026

    How Software Development's Speed Obsession Enabled TeamPCP's Chaos Crusade

    TeamPCP's remarkable success attacking open-source software was no accident — it exploited a cultural vulnerability baked into modern development: the...

  • NewsJun 19, 2026

    Cybersecurity Firms Impacted by Klue Supply Chain Attack

    The hackers exfiltrated data from Salesforce instances of Klue customers, including Huntress and Recorded Future, in a cascading supply chain compromise.

  • NewsJun 19, 2026

    Klue OAuth Breach Victim List Grows as Icarus Hackers Claim Attack

    Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customers' Salesforce environments, as the Icarus extortion...

  • NewsJun 19, 2026

    Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

    Salesforce has disabled the Klue Battlecards app integration following a security incident in which attackers abused OAuth tokens to access customer CRM...

  • NewsJun 18, 2026

    Novo Nordisk Breach Exposes Software Development Pipeline Risk

    A leaked GitHub token at Novo Nordisk has exposed a fundamental flaw in how organizations approach secrets management — treating it as a tooling problem...

  • NewsJun 18, 2026

    Salesforce Data Thefts Continue via Klue App Compromise

    Klue's Battlecards competitive intelligence application has become the third integrated app compromised in the ongoing Icarus campaign targeting...

  • NewsJun 18, 2026

    ShapedPlugin Update Flow Hacked to Infect WordPress Sites

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the...

  • NewsJun 17, 2026

    144 Mastra npm Packages Compromised via Hijacked Contributor Account

    A supply chain attack dubbed easy-day-js has compromised 144 npm packages in the @mastra/* namespace by hijacking a contributor account for the popular...

  • NewsJun 17, 2026

    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

    Researchers have uncovered a coordinated malware campaign involving 15 malicious JetBrains Marketplace plugins posing as DeepSeek-powered AI coding...

  • NewsJun 14, 2026

    'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

    The latest supply chain attacks against PyPI, which hit 37 wheels and 19 code packages, show a continued evolution of the persistent Shai-Hulud software...

  • NewsJun 14, 2026

    Rust-Written IronWorm Hits NPM Supply Chain

    IronWorm, a self-propagating supply chain worm written in Rust, is targeting npm developers to steal credentials and reuse them to spread across the...

  • NewsJun 13, 2026

    China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

    Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...

  • NewsJun 13, 2026

    NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

    NPM 12 will disable dependency install scripts by default, requiring explicit opt-in—a major shift targeting the supply chain attack vector exploited...

  • SecurityJun 12, 2026

    CVE-2026-44488: Axios Fetch Adapter Ignores Configured Request and Response Size Limits

    Axios versions 1.7.0 through 1.15.x fail to enforce maxContentLength and maxBodyLength when using the fetch adapter, allowing unbounded request and...

  • NewsJun 11, 2026

    GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

    GitHub has announced that npm version 12 will disable install scripts by default as a breaking change aimed at combating software supply chain attacks...

  • NewsJun 11, 2026

    ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

    This week's threat intelligence roundup covers a supply chain attack kit posted publicly, a $5,000-per-month RAT that clones browser sessions, AI agents...

  • NewsJun 10, 2026

    Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

    Six critical flaws in protobuf.js — the JavaScript/TypeScript Protocol Buffers library — can lead to remote code execution and denial-of-service in...

  • NewsJun 10, 2026

    The Miasma Worm Source Code Briefly Leaked on GitHub

    The Miasma credential-stealing worm framework was briefly open-sourced on GitHub before removal, potentially enabling copycat attacks against open-source...

  • NewsJun 6, 2026

    Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

    Microsoft's GitHub presence has become the latest target of the self-replicating Miasma supply chain worm, with 73 repositories across Azure, Azure-Samples…

  • NewsJun 5, 2026

    Hola Browser for Windows Compromised to Deliver Cryptominer

    The Windows version of the Hola Browser has been hit by a supply chain attack that bundled a cryptocurrency miner with the official installer, silently…

  • NewsJun 5, 2026

    IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

    Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

  • NewsletterJun 3, 2026

    June 3 Digest: AI Ransomware, Netlogon RCE, Miasma Supply Chain

    An AI-generated ransomware toolkit automates EDR evasion; Windows Netlogon RCE is actively exploited on domain controllers; the Miasma campaign hits Red Hat…

  • NewsJun 1, 2026

    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

    A new Mini Shai-Hulud supply chain campaign codenamed Miasma has compromised Red Hat's @redhat-cloud-services npm packages, deploying a self-propagating…

  • NewsJun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…

  • NewsMay 31, 2026

    As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

    Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…

  • NewsMay 29, 2026

    In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks

    Noteworthy cybersecurity stories from the week: Trump Mobile exposes customer data, phishers target 2026 FIFA World Cup fans, and CISA responds to recent...

  • NewsMay 28, 2026

    IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under "Project Lightwell"

    IBM and Red Hat unveil Project Lightwell, a $5B commitment to securing open-source supply chains by fixing vulnerabilities without breaking production.

  • NewsMay 27, 2026

    CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Supply Chain

    CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet, stripping operators of infrastructure used to inject malware into OSS packages.

  • NewsMay 27, 2026

    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and Shadowserver simultaneously disrupted GlassWorm C2 channels, ending a supply-chain campaign targeting developers via packages.

  • SecurityMay 27, 2026

    CVE-2026-44444: Lumiverse AI Plugin Install Scripts Enable RCE (CVSS 9.1)

    Critical Lumiverse <0.9.7 flaw lets malicious extensions execute arbitrary code via package.json lifecycle scripts run by the Spindle build pipeline.

  • SecurityMay 27, 2026

    CVE-2026-48027: Nx Console Embedded Malicious Code — CISA KEV

    CISA adds CVE-2026-48027 to KEV after a malicious Nx Console VS Code extension was found harvesting credentials from disk and memory via obfuscation.

  • NewsMay 26, 2026

    The Hackers Behind Shai-Hulud: Lucky or Skilled?

    TeamPCP's Shai-Hulud worm inflicted serious damage on the open source ecosystem — but a close look at their operations raises the question of whether their.

  • NewsletterMay 26, 2026

    May 26 Digest: SharePoint RCE, Megalodon CI/CD Blitz

    Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.

  • NewsMay 25, 2026

    TrapDoor Supply Chain Attack Spreads Credential-Stealing

    A coordinated cross-ecosystem supply chain attack campaign dubbed TrapDoor has compromised 34 packages across 384+ versions on npm, PyPI, and Crates.io.

  • NewsMay 25, 2026

    Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets

    This week's security roundup covers Linux privilege escalation zero-days, actively exploited Windows Defender vulnerabilities, router botnets hijacking DNS.

  • NewsMay 24, 2026

    Megalodon GitHub Attack Targets 5,561 Repos with Malicious

    Cybersecurity researchers have uncovered Megalodon, an automated attack campaign that pushed 5,718 malicious commits to over 5,500 GitHub repositories in...

  • NewsMay 23, 2026

    Grafana Says Codebase and Other Data Stolen via TanStack

    Grafana confirmed attackers stole internal source code and data after a GitHub token compromised in the TanStack npm supply chain attack was never...

  • NewsMay 23, 2026

    Laravel Lang Packages Hijacked to Deploy

    A supply chain attack targeting Laravel Lang localization packages has exposed developers to credential-stealing malware after attackers abused GitHub...

  • NewsMay 23, 2026

    Laravel-Lang PHP Packages Compromised to Deliver

    Multiple PHP packages belonging to the Laravel-Lang organization have been poisoned in a software supply chain attack, delivering a cross-platform...

  • NewsMay 23, 2026

    npm Adds 2FA-Gated Publishing and Package Install Controls

    GitHub has rolled out new security controls for npm including staged publishing with 2FA approval requirements and package install policies, giving...

  • NewsMay 23, 2026

    Packagist Supply Chain Attack Infects 8 Packages Using

    A coordinated supply chain attack campaign has infected eight Packagist Composer packages with malicious code that downloads and executes a Linux binary...

  • NewsMay 21, 2026

    GitHub Links Repo Breach to TanStack npm Supply-Chain Attack

    GitHub has confirmed that hackers who stole 3,800 internal repositories gained access through a malicious version of the Nx Console VS Code extension...

  • NewsMay 21, 2026

    Socket Raises $60 Million at $1 Billion Valuation

    Supply chain security startup Socket has raised $60 million in a new funding round, valuing the company at $1 billion. The capital will expand Socket's...

  • NewsMay 20, 2026

    GitHub Breached — Employee Device Hack Led to Exfiltration

    GitHub is investigating unauthorized access to thousands of internal repositories after an employee device was compromised through the TanStack npm supply...

  • NewsMay 20, 2026

    GitHub Confirms Being Hacked by TeamPCP, Says Customer Data

    GitHub has officially confirmed it was breached by the TeamPCP threat actor after the group advertised stolen internal source code on a cybercrime forum....

  • NewsMay 20, 2026

    GitHub Confirms Breach, 4K Internal Repos Stolen

    GitHub has confirmed a data breach in which the TeamPCP threat actor stole approximately 4,000 internal repositories. The company states no customer data...

  • NewsMay 20, 2026

    GitHub Investigating TeamPCP Claimed Breach of ~4,000

    GitHub is investigating unauthorized access to its internal repositories after the TeamPCP threat actor listed approximately 4,000 GitHub internal repos...

  • NewsMay 20, 2026

    Grafana Breach Caused by Missed Token Rotation After

    Grafana Labs has revealed that its May 2026 source code breach was caused by a single GitHub workflow token that was inadvertently missed during the token...

  • NewsMay 20, 2026

    Grafana GitHub Breach Exposes Source Code via TanStack npm

    Grafana Labs confirms its GitHub environment was breached through the TanStack npm supply chain attack, exposing public and private source code...

  • NewsletterMay 20, 2026

    May 20 Digest: Exchange Zero-Day, Verizon DBIR, GitHub

    A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...

  • NewsMay 19, 2026

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

    Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...

  • NewsMay 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • SecurityMay 19, 2026

    CVE-2026-8838 — Amazon Redshift Python Driver RCE via Unsafe Code Execution

    The Amazon Redshift Python driver before version 2.1.14 contains a critical vulnerability where the vector_in() function executes arbitrary code received...

  • HOWTOMay 19, 2026

    Why Your Accountant is a Ransomware Target

    Small accounting firms in rural Alberta have become primary ransomware targets in 2025–2026. The reasons are structural: high-value data, weak security…

  • NewsMay 18, 2026

    Developer Workstations Are Now Part of the Software Supply

    Supply chain attackers are no longer just targeting repositories and CI/CD pipelines — they're going after the developer workstations that hold the keys...

  • NewsMay 18, 2026

    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

    Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...

  • NewsMay 18, 2026

    Grafana Confirms Breach After Hackers Claim They Stole Data

    Grafana has confirmed a security breach after the Coinbase Cartel cybercrime group — linked to ShinyHunters, Scattered Spider, and Lapsus$ — claimed to...

  • NewsMay 18, 2026

    Grafana Says Stolen GitHub Token Let Hackers Steal Codebase

    Grafana Labs confirmed that hackers downloaded its source code after breaching its GitHub environment using a stolen access token. The attackers attempted...

  • NewsMay 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • NewsMay 18, 2026

    Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco

    This week's cybersecurity landscape opened with a critical Microsoft Exchange spoofing zero-day under active exploitation, a coordinated npm/PyPI supply...

  • NewsMay 17, 2026

    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

    Grafana has disclosed that an unauthorized party obtained a GitHub access token, used it to download the company's entire codebase, and then attempted...

  • NewsMay 17, 2026

    Living Off the Pipeline: Defending Against CI/CD Subversion

    Adversaries are increasingly weaponizing CI/CD pipelines as a living-off-the-land vector — abusing trusted build infrastructure to execute attacks without...

  • NewsMay 17, 2026

    SecurityScorecard Acquires Driftnet to Boost Third-Party

    SecurityScorecard has acquired Driftnet to expand visibility into third-party ecosystems, addressing growing supply chain attack risks that continue to...

  • NewsMay 16, 2026

    Funnel Builder Flaw Under Active Exploitation Enables

    Attackers are actively exploiting a critical vulnerability in the Funnel Builder WordPress plugin to inject malicious JavaScript into WooCommerce checkout...

  • SecurityMay 16, 2026

    DAEMON Tools Lite Supply Chain Attack via Trojanized

    A supply chain attack compromised official DAEMON Tools Lite installation packages distributed from daemon-tools.cc between April 8 and May 5, 2026,...

  • NewsMay 15, 2026

    Popular node-ipc npm Package Compromised to Steal

    Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication npm package, in a new...

  • NewsMay 15, 2026

    TanStack Supply Chain Attack Hits Two OpenAI Employee

    OpenAI has disclosed that two corporate employee devices were compromised via the Mini Shai-Hulud supply chain attack on the TanStack npm ecosystem,...

  • NewsMay 15, 2026

    TeamPCP Hackers Advertise Mistral AI Source Code Repos for Sale

    The TeamPCP threat group claims to have stolen source code repositories from Mistral AI and is advertising them for sale on criminal forums, threatening...

  • NewsMay 15, 2026

    TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code

    The hacking group TeamPCP has publicly released the source code for its Shai-Hulud supply chain worm, actively encouraging other threat actors to...

  • NewsMay 14, 2026

    OpenAI Asks macOS Users to Update After TanStack npm Supply

    OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...

  • NewsMay 14, 2026

    OpenAI Confirms Security Breach in TanStack Supply Chain

    OpenAI confirmed that two employees' devices were compromised during the TanStack supply chain attack, which hit hundreds of npm and PyPI packages. The...

  • NewsMay 14, 2026

    ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI

    This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...

  • SecurityMay 13, 2026

    CVE-2026-44246: nnU-Net Agentic Workflow Injection via GitHub Actions Issue Triage

    A high-severity agentic workflow injection vulnerability in nnU-Net's GitHub Actions issue triage workflow allows attackers to inject and execute...

  • NewsMay 12, 2026

    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI

    TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...

  • NewsMay 12, 2026

    Worm Redux: Fresh Mini Shai-Hulud Infections Bite npm

    Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...

  • NewsletterMay 12, 2026

    May 12 Digest: AI-Generated Zero-Day, Shai-Hulud Worm

    Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...

  • NewsMay 11, 2026

    Build Application Firewalls Aim to Stop the Next Supply

    A new class of security tooling called Build Application Firewalls inspects runtime behavior inside software build pipelines rather than just scanning...

  • NewsMay 11, 2026

    TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks

    Supply chain threat actor TeamPCP has struck again, publishing a tampered version of the Checkmarx Jenkins AST plugin to the Jenkins Marketplace — just...

  • NewsMay 10, 2026

    Quasar Linux RAT Steals Developer Credentials for Software

    A newly discovered Linux implant called Quasar Linux RAT (QLNX) is silently targeting software developers to harvest credentials, log keystrokes, and...

  • NewsMay 9, 2026

    Fake OpenAI Repository on Hugging Face Pushes Infostealer

    A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...

  • NewsMay 9, 2026

    JDownloader Site Hacked to Replace Installers with Python

    The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...

  • NewsMay 9, 2026

    Trellix Source Code Breach Highlights Growing Supply Chain

    Trellix, the enterprise security vendor formed from the merger of McAfee Enterprise and FireEye, has suffered a source code breach claimed by the...

  • SecurityMay 8, 2026

    CVE-2026-41500: electerm macOS Command Injection via Install Script

    A critical command injection vulnerability in the electerm terminal client allows remote attackers to achieve unauthenticated code execution on macOS...

  • SecurityMay 8, 2026

    CVE-2026-41501: electerm Linux Command Injection via Install Script

    A critical command injection flaw in electerm's Linux installer allows remote attackers to execute arbitrary shell commands by injecting into unsanitized...

  • NewsMay 1, 2026

    1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, and Intercom

    The TeamPCP threat group's Mini Shai-Hulud supply chain campaign compromised SAP-related npm packages along with PyTorch Lightning and Intercom client...

  • NewsMay 1, 2026

    Cisco Releases Open Source Tool for AI Model Provenance

    Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...

  • NewsMay 1, 2026

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...

  • SecurityMay 1, 2026

    Apache MINA Incomplete Deserialization Patch Leaves 2.1.X

    Apache MINA versions 2.1.X and 2.2.X remain vulnerable to unauthenticated remote code execution because the fix for CVE-2026-41409 was never backported,...

  • NewsApr 30, 2026

    Critical Gemini CLI Flaw Enabled Host Code Execution

    A critical vulnerability in Google's Gemini CLI allowed an attacker to plant a malicious configuration file that executed commands outside the sandbox,...

  • NewsApr 30, 2026

    Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws Enable

    Google has patched a maximum severity vulnerability in its Gemini CLI npm package and GitHub Actions workflow that allowed unprivileged attackers to...

  • NewsApr 30, 2026

    PyTorch Lightning and Intercom-client Hit in Supply Chain

    Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...

  • NewsApr 30, 2026

    TeamPCP Hits SAP npm Packages With 'Mini Shai-Hulud' Supply

    The threat actor TeamPCP has compromised multiple npm packages tied to SAP's cloud application development ecosystem in a new supply chain campaign dubbed...

  • NewsApr 29, 2026

    Critical GitHub Vulnerability Exposed Millions of Repositories

    A critical remote code execution vulnerability, CVE-2026-3854, was found to impact GitHub.com and GitHub Enterprise Server, potentially exposing millions...

  • NewsApr 29, 2026

    GitHub Fixes RCE Flaw That Gave Access to Millions of Private Repos

    GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...

  • NewsApr 29, 2026

    Learning from the Vercel Breach: Shadow AI and OAuth Sprawl

    The Vercel breach, traced to a compromised third-party AI tool with OAuth access, illustrates how Shadow AI adoption and unchecked OAuth integrations are...

  • NewsApr 29, 2026

    SAP-Related npm Packages Compromised in Credential-Stealing

    Security researchers have uncovered a coordinated supply chain attack campaign dubbed 'mini Shai-H' targeting SAP-related npm packages, injecting...

  • NewsApr 29, 2026

    Vect 2.0 Ransomware Acts as Wiper Thanks to Design Error

    The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...

  • NewsApr 28, 2026

    Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw

    Cybersecurity researchers have disclosed a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server that allows an...

  • NewsApr 28, 2026

    Video Service Vimeo Confirms Anodot Breach Exposed User Data

    Vimeo has confirmed that customer and user data was accessed without authorization following a security breach at Anodot, a data anomaly detection...

  • SecurityApr 28, 2026

    CVE-2026-30352: Remote Code Execution in leonvanzyl

    A critical remote code execution vulnerability in the /devserver/start endpoint of the leonvanzyl autocoder AI coding tool allows unauthenticated...

  • NewsApr 27, 2026

    Checkmarx Confirms GitHub Repository Data Posted on Dark

    Checkmarx has confirmed that data from its GitHub repositories has been published on the dark web following an investigation into the March 23 supply...

  • NewsApr 27, 2026

    Weekly Recap: Fast16 Malware, XChat Launch, Federal

    This week's cybersecurity roundup covers the discovery of pre-Stuxnet Fast16 malware targeting engineering software, the emergence of the XChat...

  • NewsApr 26, 2026

    Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain

    The popular Bitwarden CLI password manager package @bitwarden/cli@2026.4.0 was compromised as part of an ongoing Checkmarx supply chain campaign, with...

  • NewsApr 26, 2026

    Hypersonic Supply Chain Attacks: One Solution That Didn't

    SentinelOne details how its AI-driven behavioral detection stopped three zero-day supply chain attacks at machine speed — without prior knowledge of the...

  • NewsApr 26, 2026

    ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse

    This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...

  • NewsApr 25, 2026

    Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

    Zscaler ThreatLabz has uncovered a Tropic Trooper (APT23) campaign that delivers the AdaptixC2 post-exploitation beacon via trojanized SumatraPDF...

  • SecurityApr 25, 2026

    CVE-2026-6951: simple-git RCE via --config Option Bypass

    A critical remote code execution vulnerability in the simple-git npm package allows attackers to inject arbitrary git config options via the --config...

  • SecurityApr 24, 2026

    Hackage Haskell Repository Stored XSS Enables Credential

    A critical stored XSS vulnerability in hackage-server allows HTML and JavaScript files uploaded via source packages or documentation to execute in...

  • NewsApr 23, 2026

    Malicious KICS Docker Images and VS Code Extensions Hit

    Threat actors hijacked the official checkmarx/kics Docker Hub repository by overwriting existing image tags — including v2.1.20 and alpine variants — and...

  • NewsApr 23, 2026

    Vercel Finds More Compromised Accounts in Context.ai-Linked

    Vercel has expanded its breach investigation tied to the Context.ai supply chain compromise and identified additional customer accounts with unauthorized...

  • NewsApr 22, 2026

    Hypersonic Supply Chain Attacks: AI Defense Stops Zero-Days

    SentinelOne's AI-driven behavioral defense stopped three recent zero-day supply chain attacks before any payload signatures existed — demonstrating how...

  • NewsApr 22, 2026

    New npm Supply Chain Attack Self-Spreads to Steal Developer

    A newly discovered supply chain attack targeting the npm ecosystem steals developer authentication tokens and uses compromised accounts to publish...

  • NewsApr 21, 2026

    Cloud Platform Vercel Says Company Breached Through

    Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...

  • NewsApr 21, 2026

    No Exploit Needed: How Attackers Walk Through the Front

    Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...

  • NewsApr 21, 2026

    Surge in Bomgar RMM Exploitation Demonstrates Supply Chain

    A critical RCE flaw in BeyondTrust Bomgar remote monitoring and management software is being actively exploited to spread ransomware and compromise...

  • NewsletterApr 21, 2026

    Apr 21 Digest: Vercel AI Tool Breach, DPRK $290M, ActiveMQ

    Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...

  • NewsApr 20, 2026

    Anthropic MCP Design Vulnerability Enables RCE, Threatening

    Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...

  • NewsApr 20, 2026

    Vercel Breach Tied to Context AI Hack Exposes Limited

    Vercel's security breach originated from the compromise of Context.ai, a third-party AI tool used by a company employee, allowing attackers to gain...

  • NewsApr 20, 2026

    Vercel Employee's AI Tool Access Led to Data Breach

    Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...

  • NewsApr 20, 2026

    Vercel's Security Breach Started with Malware Disguised as

    The Vercel security breach originated at Context.ai after an employee downloaded Lumma Stealer disguised as Roblox cheat software. The incident exposes...

  • NewsApr 20, 2026

    Why the Axios Attack Proves AI Is Mandatory for Supply

    The North Korean supply chain attack on Axios — a JavaScript library with 100 million weekly downloads — highlights why human-scale monitoring can no...

  • NewsApr 19, 2026

    Analysis of 216M Security Findings Shows a 4x Increase in Critical Risk (2026 Report)

    OX Security analyzed 216 million security findings across 250 organizations over 90 days and found critical risk grew by nearly 400% year-over-year, even...

  • NewsApr 18, 2026

    Critical Flaw in protobuf.js Library Enables JavaScript

    A critical remote code execution vulnerability in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, has been disclosed...

  • SecurityApr 17, 2026

    CVE-2026-6443: WordPress Accordion Plugin Backdoor in Version 1.4.6

    The Accordion and Accordion Slider WordPress plugin version 1.4.6 was sold to a malicious threat actor who embedded a persistent backdoor, granting...

  • NewsApr 9, 2026

    Microsoft Suspends Dev Accounts for High-Profile Open

    Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...

  • NewsApr 8, 2026

    Snowflake Customers Hit in Data Theft Attacks After SaaS

    Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen, enabling...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsApr 6, 2026

    Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits

    This week's biggest cybersecurity stories: a North Korean supply chain attack hit the Axios npm package, a new Chrome zero-day under active exploitation,...

  • NewsApr 5, 2026

    36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

    Cybersecurity researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that abused Redis and PostgreSQL connections to harvest...

  • NewsApr 4, 2026

    EU Cyber Agency Attributes Major Data Breach to TeamPCP

    ENISA has officially attributed the massive European Commission data breach — and a wider campaign affecting 30 EU institutions — to the TeamPCP hacking...

  • NewsApr 4, 2026

    European Commission Confirms Data Breach Linked to Trivy

    The European Commission has confirmed a major data breach of its AWS environment, with over 300GB of data stolen — including personal information of EU...

  • NewsApr 4, 2026

    UNC1069 Social Engineering of Axios Maintainer Led to npm

    The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...

  • NewsApr 3, 2026

    Blast Radius of TeamPCP Attacks Expands Amid Hacker

    As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are taking credit and creating a murky attribution...

  • NewsApr 3, 2026

    Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

    The rebuilt Chainguard Factory platform adds deeper security automation designed to continuously reconcile open source artifacts across containers,...

  • NewsApr 3, 2026

    Claude Source Code Leak Highlights Big Supply Chain Missteps

    The accidental exposure of Anthropic's Claude Code source code via an npm packaging error is the latest reminder that software supply chains need...

  • NewsApr 3, 2026

    The Good, the Bad and the Ugly in Cybersecurity – Week 14

    SentinelOne intercepts a LiteLLM supply chain attack in real time, attackers weaponize the Axios npm package to deploy a cross-platform RAT, and a Chrome...

  • NewsApr 2, 2026

    Claude Code Leak Used to Push Infostealer Malware on GitHub

    Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...

  • NewsApr 2, 2026

    Mercor Confirms Security Incident Tied to LiteLLM Supply

    AI hiring platform Mercor has confirmed a security incident linked to the LiteLLM PyPI supply chain attack carried out by TeamPCP. Separately, Lapsus$...

  • NewsApr 2, 2026

    Nissan Says Stolen Data Came from Third-Party Vendor After

    A hacking group claimed to have breached the file-transfer system used by a company that provides services to Nissan and Infiniti dealerships across North...

  • NewsApr 2, 2026

    The State of Trusted Open Source Report: Key Findings for 2025

    Chainguard's first-ever State of Trusted Open Source report reveals critical insights into open source consumption patterns across container images,...

  • SecurityApr 2, 2026

    CVE-2026-3502: TrueConf Client Update Integrity Bypass

    TrueConf Client fails to verify the integrity of downloaded update payloads, allowing an attacker who can influence the update delivery path to substitute...

  • NewsApr 1, 2026

    Axios NPM Package Breached in North Korean Supply Chain

    A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored versions of the widely used...

  • NewsApr 1, 2026

    Claude Code Source Leaked via npm Packaging Error

    Anthropic confirmed that internal source code for its Claude Code AI coding assistant was accidentally published to npm due to a human packaging error. No...

  • NewsApr 1, 2026

    Google Attributes Axios npm Supply Chain Attack to North

    Google's Threat Intelligence Group has formally attributed the supply chain compromise of the popular Axios npm package to UNC1069, a financially...

  • NewsApr 1, 2026

    Hackers Exploit TrueConf Zero-Day to Push Malicious

    Threat actors have weaponized an unpatched zero-day in TrueConf conference server software to execute arbitrary files on all connected endpoints,...

  • SecurityApr 1, 2026

    CVE-2025-15618: Perl Payment Module Uses Insecure

    Business::OnlinePayment::StoredTransaction through version 0.01 for Perl generates its secret key using an MD5 hash of a single rand() call — a...

  • NewsMar 31, 2026

    Attack on Axios Developer Tool Threatens Widespread

    Security researchers at multiple firms are sounding alarms over a supply chain attack against Axios, an npm package with 100 million weekly downloads....

  • NewsMar 31, 2026

    Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

    Two newly published versions of the widely used Axios HTTP client library — v1.14.1 and v0.30.4 — were found to contain a malicious fake dependency that...

  • NewsMar 31, 2026

    Cisco Source Code Stolen in Trivy-Linked Dev Environment

    Cisco has suffered a major cyberattack after threat actors leveraged stolen credentials from the recent Trivy supply chain compromise to breach its...

  • NewsletterMar 31, 2026

    Mar 31 Digest: Axios npm RAT, Claude Code Source Leaked

    The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...

  • SecurityMar 30, 2026

    CVE-2026-4176: Perl Compress::Raw::Zlib Critical

    Perl versions 5.9.4 through 5.43.8 ship a vulnerable Compress::Raw::Zlib core module that inherits CVE-2026-3381 from a vendored zlib dependency. CVSS 9.8...

  • NewsMar 29, 2026

    FCC Bans Import of Foreign-Made Consumer Routers Over

    The FCC updated its Covered List on March 23, 2026, banning import of all new foreign-produced consumer routers, citing unacceptable risks to national...

  • NewsMar 28, 2026

    Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV

    Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...

  • NewsMar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • NewsletterMar 26, 2026

    Mar 26 Digest: LeakBase Admin Arrested, WebRTC Skimmer

    This week: Russian authorities detain the alleged LeakBase admin weeks after the FBI-led global crackdown on the 147,000-subscriber stolen-data...

  • NewsMar 25, 2026

    Paid AI Accounts Are Now a Hot Underground Commodity

    New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...

  • NewsMar 25, 2026

    Supply Chain Attack Hits Widely-Used AI Package, Risking

    Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...

  • NewsletterMar 25, 2026

    Mar 25 Digest: DarkSword Leaks iPhone Zero-Days

    This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...

  • NewsMar 23, 2026

    Trivy Hack Spreads Infostealer via Docker, Triggers Worm

    The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...

  • NewsMar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...

  • NewsMar 23, 2026

    Weekly Recap: CI/CD Backdoor, FBI Buys Location Data

    This week's cybersecurity roundup covers supply chain attacks hitting CI/CD pipelines, long-running IoT botnets finally disrupted, the FBI's warrantless...

  • NewsMar 22, 2026

    CanisterWorm: First Blockchain-Powered Self-Spreading Worm

    A novel self-propagating malware dubbed CanisterWorm uses Internet Computer Protocol smart contracts as an untakedownable C2 channel, spreading...

  • NewsMar 22, 2026

    Trivy Vulnerability Scanner Breached to Push Infostealer

    The Trivy open-source vulnerability scanner was compromised in a supply chain attack by the threat group TeamPCP, which hijacked 75 release tags and...

  • NewsMar 21, 2026

    Marquis Fintech Breach Exposes 672,000 Banking Customers

    Plano-based fintech vendor Marquis disclosed that a ransomware attack exploiting a SonicWall firewall vulnerability compromised Social Security numbers,...

  • NewsMar 21, 2026

    New Speagle Malware Hijacks Cobra DocGuard for State-Sponsored Espionage

    A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...

  • NewsMar 20, 2026

    Eclypsium Raises $25 Million to Expand Device Supply Chain

    Portland-based Eclypsium has secured $25 million in strategic funding led by PEAK6 Strategic Capital, bringing its total raised to $110 million. The...

  • NewsMar 20, 2026

    Trivy Security Scanner GitHub Actions Breached — 75 Tags

    Trivy, Aqua Security's widely used open-source vulnerability scanner, was compromised a second time in a month. Attackers hijacked 75 GitHub Actions tags...

  • NewsletterMar 17, 2026

    Mar 17 Digest: GlassWorm Poisons Python, n8n RCE Hits KEV

    This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...

  • NewsMar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • NewsMar 16, 2026

    Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach

    This week's cybersecurity roundup covers the actively exploited Chrome zero-day CVE-2026-2441, the Aisuru router botnet record DDoS attack, a supply chain...

  • NewsMar 14, 2026

    AppsFlyer Web SDK Supply Chain Attack Spread

    Attackers hijacked AppsFlyer's CDN domain via a registrar incident, serving a sophisticated 170 KB crypto-stealing JavaScript payload to every site...

  • NewsMar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • NewsMar 14, 2026

    OpenClaw AI Agent Flaws Enable Prompt Injection, 1-Click

    China's CNCERT has warned that OpenClaw (formerly Clawdbot/Moltbot), the viral self-hosted AI agent, carries over 250 disclosed vulnerabilities including...

  • SecurityMar 13, 2026

    Critical CORS + Path Traversal in TinaCMS CLI Dev Server

    A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...

  • NewsMar 11, 2026

    UNC6426 Weaponizes Old nx npm Compromise to Seize AWS Admin Access

    Threat actor UNC6426 leveraged stolen credentials from last year's nx npm supply chain attack to achieve full AWS administrator access at a victim...

  • NewsletterMar 11, 2026

    Mar 11 Digest: npm Supply Chain Seizes AWS Admin, 3.4M

    This week: UNC6426 weaponizes a stale npm supply chain compromise to seize full AWS admin in 72 hours, Cognizant TriZetto leaks 3.4 million patient...

  • NewsMar 9, 2026

    North Korea's UNC4899 Breached Crypto Firm via AirDropped

    North Korean threat actor UNC4899 compromised a cryptocurrency organization after a developer AirDropped a trojanized archive from a personal device to a...

  • NewsFeb 25, 2026

    Diesel Vortex: Russian Cybercrime Ring Steals 1,649

    A Russian-linked phishing operation dubbed Diesel Vortex has stolen over 1,649 credentials from major freight and logistics companies across the US and...

  • NewsFeb 24, 2026

    Japanese Semiconductor Giant Advantest Hit by Ransomware

    Advantest Corporation, the world's leading manufacturer of semiconductor test equipment supplying companies like TSMC, Intel, and Samsung, disclosed a...

  • NewsFeb 23, 2026

    Cline CLI Supply Chain Attack Installs Unauthorized

    A compromised npm publish token was used to inject a malicious postinstall script into Cline CLI version 2.3.0 on February 17, 2026, silently installing...

  • NewsFeb 19, 2026

    WEF Global Cybersecurity Outlook 2026 Warns of 'Permanent

    The World Economic Forum's Global Cybersecurity Outlook 2026 warns of permanent instability driven by geopolitical tensions, supply chain dependencies,...

  • NewsFeb 19, 2026

    Conduent Breach Balloons to Tens of Millions of Americans

    The January 2025 ransomware attack on government technology giant Conduent continues to expand in scope, now confirmed to affect 15.4 million in Texas and...

  • NewsFeb 18, 2026

    Notepad++ Supply Chain Attack Attributed to China-Linked

    Notepad++ releases emergency v8.9.2 patch after a China-linked APT group hijacked the update mechanism for six months, deploying the Chrysalis backdoor to...

  • NewsFeb 17, 2026

    Trojanized MCP Server Deploys StealC Infostealer Targeting

    A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...

  • NewsFeb 12, 2026

    Lazarus Group Plants 192 Malicious Packages in npm and PyPI

    North Korea's Lazarus Group is running a fake recruitment campaign codenamed Graphalgo, planting 192 malicious packages on npm and PyPI that target...

  • NewsFeb 10, 2026

    BridgePay Payment Gateway Knocked Offline by Ransomware

    Major U.S. payment processor BridgePay remains completely offline after a ransomware attack, forcing merchants nationwide to revert to cash-only operations.

  • SecurityFeb 10, 2026

    Lotus Blossom APT Compromises Notepad++ Updates to Deploy

    China-linked Lotus Blossom hijacked Notepad++ software updates for six months, selectively delivering the Chrysalis backdoor to government and IT targets...

  • NewsFeb 8, 2026

    Tirith: New Open-Source Tool Blocks Homoglyph Attacks

    A new cross-platform tool called Tirith hooks into terminal shells to detect and block Unicode homoglyph attacks, pipe-to-shell exploits, and supply chain...

  • SecurityFeb 5, 2026

    Conduent Breach Expands: 15.4 Million Texans Affected, 8TB

    Government technology provider Conduent's January 2025 ransomware breach now confirmed to affect at least 15.4 million people in Texas alone, with 8TB of...

  • NewsJan 23, 2026

    Nike Hit by Data Breach: 1.4 TB of Supply Chain Data Leaked

    WorldLeaks extortion group claims responsibility for a data breach on Nike, allegedly exposing 1.4 terabytes of internal data including supply chain and...