• GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve


  • A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship JavaScript


  • The Space Force should prepare to put active-duty troops on the moon and on space stations to counter China’s lunar and military ambitions, a new research paper argues.

    The Mitchell Institute’s paper, published Thursday, calls for the Space Force to prioritize the creation of a “human spaceflight” program and redefine federal, active-duty Title 10 orders to compete against China’s military-focused space initiatives—such as the reported goal of putting its Taikonauts on the moon by 2030. Although Chinese officials as recently as last month have said the country believes in the “peaceful use” of space, the paper claims future “competition for control of lunar resources and territory will likely reach a tipping point” and the U.S. military must be prepared.

    “With a potential ‘in person’ lunar conflict with China as the contextual touchstone, the U.S. must begin a pragmatic multi-decade effort, leveraging its Space Test Course (STC), as well as partnerships with NASA and commercial space companies, to deliver the skills, tools, and concepts needed for future Title 10 activities to enforce U.S. spacepower-enabling norms and standards,” the report said. “These efforts will require additional funding from Congress for both U.S. Space Force human spaceflight opportunities and residencies at commercial space stations.”

    The 22-page policy report calls for blurring the long-standing boundaries between space exploration and militarized operations by allowing Title 10 active-duty federal orders to include “space and lunar habitation” and “warfighting authorities and a national defense mindset in the advancement of human spaceflight.” The 1967 Outer Space Treaty, which the U.S. and China are parties to, calls for the governments to use the moon and other planets for “peaceful purposes” and forbids military bases, testing, and maneuvers. Kyle Pumroy, a retired Space Force colonel and the paper’s author, called for pushing back against those norms.

     “Although The 1967 Outer Space Treaty (OST) prohibits claims of lunar sovereignty and militarizing the moon, China’s habitation plans are closely aligned with their military and are inconsistent with the provisions,” the report said. “Moreover, China’s record of territorial aggression and ignoring treaty agreements must drive a strategic vision unconstrained by the OST. While upholding the OST should be the United States’ desire and priority, pragmatically, it must prepare otherwise.”

    Pumroy said during a webinar Wednesday that guardians on the moon wouldn’t be “necessarily a violation of outer space treaty” if they weren’t conducting maneuvers, but he also recognized that the treaty would need to be updated.

    “I think at that point, once we have military members on the moon. Again, the treaty would need to be updated, because if one side does it and we say ‘well, you're violating the treaty, and we're not going to do that’ we're just setting ourselves up for disappointment,” Pumroy said. “So I don't think it's a violation to send them there, but whether we're violating the Outer Space Treaty or not is an important fact, but the greater need is for a modernized Outer Space Treaty that appreciates a lunar economy and mining resources from the moon, and mining ice from the moon, and using the moon as a launch pad to get to Mars and other locations.”

    Victoria Samson, the Secure World Foundation’s chief director of space security and stability, said the Mitchell Institute’s report is an example of how the norms of space exploration and militarized operations are being challenged.

    “It used to almost be a separation of church and state between the two,” Samson said. “Now, that line is being blurred, and I think it’s more a matter of, we have an administration that is supportive of a very active and expanding Space Force.” 

    The Mitchell Institute teased the idea of putting guardians in space last year. In a report titled “A Broader Look at Dynamic Space Operations,” the authors pitched the idea of putting troops on critical Space Force assets, to raise the stakes if an enemy decides to strike and to allow for flexibility and responsiveness in high-stakes situations. 

    The Space Force hasn’t sent any of its uniformed personnel into space for active-duty operations, but it has loaned its officers to NASA’s exploration missions. In 2020, astronaut Mike Hopkins transferred from the Air Force into the Space Force while aboard the International Space Station. In 2024, Space Force Col. Nick Hague commanded NASA’s SpaceX Crew-9 mission, which lasted 171 days. He was the first active-duty guardian to ever launch into space.

    The report also calls for Congress to fund future commercial space station residencies, or even the purchase of “a Space Force-dedicated space station” in future national defense authorization act legislation to help build guardian training and skills on orbit.

    “Space station-based operations provide Guardians a trailblazing opportunity for the realistic testing and experimentation of future military concepts,” the report said. “Nothing compares to in-domain, first-hand experience to inform the development of future military requirements. Furthermore, taking this decisive step will send a strong message about the commitment of the United States to maintain space superiority.”


  • Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners


  • Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.


  • Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated multi-stage intrusion campaigns that ultimately target Active Directory infrastructure. Microsoft Threat Intelligence disclosed the full attack chain on May 22, 2026, documenting how a single compromised edge appliance cascaded into […]

    The post Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include: laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. “The timing and pattern of the newly published tags


  • A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to execute arbitrary scripts as root and gain full server control. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw has been patched as of May 21, 2026. The root cause is a logic […]

    The post LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could allow remote attackers to execute arbitrary commands and escalate privileges on a wide range of UniFi devices. The flaws also span improper access control and path traversal, affecting a broad range of UniFi OS […]

    The post Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection […]

    The post Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
