- Supply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is ident…
- A massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments …
- Artificial intelligence has officially transitioned from an experimental hacking novelty into an industrial-scale weapon for cybercriminals. Google Threat Intelligence Group (GTIG) adversaries are now actively using generative AI models to discover vul…
- TrickMo, the Android banking malware, has resurfaced with a significantly redesigned architecture, targeting banking, fintech, wallet, and authenticator applications while introducing advanced stealth and network capabilities. Rather than introducing e…
- A dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence sugg…
- A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability car…
- A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cybere…
- Recently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attack…
- Hackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed “Beagle.” The campaign blends malvertising, a trojanized installer, and signed security software com…
- Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and c…


