Cybersecurity News

Researchers at Mozilla's Zero Day Investigative Network (0DIN) have disclosed a novel attack technique that exploits agentic AI coding tools, demonstrating how a seemingly benign G...

The education sector continues to absorb punishing blows from third-party breaches, with ransomware groups like Cl0p exploiting software vulnerabilities in vendors to cascade damag...

Polymarket, one of the world's largest crypto-based prediction markets and currently valued at $9 billion, has announced it will fully reimburse customers who lost an estimated $3 ...

Cybersecurity researchers at Socket have uncovered a new wave of the Mini Shai-Hulud, Miasma, and Hades malware campaign, this time targeting npm packages associated with LeoPlatfo...

A widely used Google Chrome ad-blocking extension, Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), carries a dormant capability to inject arbitrary Jav...

Cybersecurity researchers at Novee Security have identified a critical class of CI/CD workflow misconfiguration dubbed "Cordyceps" that exposes more than 300 high-impact GitHub rep...

Security researchers at AIR have demonstrated a stark gap in AI agent supply chain defenses by publishing a malicious-looking skill that sailed past every scanner it was tested aga...

Cybersecurity researchers at JFrog have uncovered three malicious npm packages designed to deliver a Windows-based remote access trojan (RAT) to developers who install them. Publis...

OpenAI announced on Monday the release of GPT-5.5-Cyber, an upgraded version of its cybersecurity-focused large language model, made available to trusted defenders through the Dayb...

Multiple premium WordPress plugins from ShapedPlugin were compromised in a sophisticated supply chain attack after unknown threat actors tampered with the vendor's official release...

Microsoft has attributed the recent Mastra AI supply chain attack—which compromised more than 140 npm packages—to Sapphire Sleet, a North Korean state-sponsored threat group also t...

Market intelligence platform Klue has confirmed a security incident in which attackers exploited a compromised legacy credential to steal OAuth tokens, gaining access to multiple c...

Microsoft researchers have disclosed AutoJack, an exploit chain that weaponizes an AI browsing agent into a remote code execution vector. By luring a local agent to render an attac...

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its external license system vendor on June 19, 2026, compromising the personal information of more than 3 ...

Nintendo of America has confirmed that threat actors stole internal survey data from TinyPulse, a third-party employee engagement platform owned by WebMD Health Services, but stres...

When a shopper enters their card number on a modern checkout page, their browser is executing far more than the merchant's own code. Analytics tags, tag managers, support widgets, ...

Cybersecurity researchers at Aikido Security have uncovered a coordinated malware campaign on the JetBrains Marketplace involving at least 15 malicious plugins designed to steal ar...

A single compromised npm contributor account ("ehindero") was used to mass-publish more than 144 malicious packages across the @mastra/* scope on June 17, 2026, in an 88-minute aut...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity flaw in Widget Factory's Joomla Content Editor (JCE) to its Known Exploited Vulnerabil...

At least 15 malicious plugins discovered on the JetBrains Marketplace have been stealing AI API keys from developers in a coordinated supply chain campaign that has accumulated clo...

Proofpoint researchers Saher Naumaan and Carlos Rubio have documented a new wave of activity from the North Korean state-aligned threat cluster tracked as Contagious Interview (als...

Google has rolled out emergency security updates for Chrome to patch CVE-2026-11645, a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly ...

A coordinated supply chain attack compromised JavaScript files served by three popular WordPress plugins—PushEngage, OptinMonster, and TrustPulse—turning trusted scripts into vecto...

GitHub has announced that NPM 12, expected to release in July, will no longer execute dependency scripts by default, a significant security overhaul aimed at neutralizing the wave ...

In a sweeping supply chain attack dubbed Atomic Arch, threat actors compromised more than 400 packages in the Arch User Repository (AUR) between June 11 and June 12, rewriting buil...

A China-nexus advanced persistent threat tracked as Velvet Ant by incident response firm Sygnia maintained covert access to a target network for nearly a decade by compromising the...

More than 400 packages in the Arch User Repository (AUR) have been compromised to distribute a Linux rootkit and infostealer malware designed to harvest developer credentials, acce...

Supply-chain attacks rarely appear under their real name in underground forums. Long before a malicious package, compromised update, or breached vendor makes headlines, the precurs...

The 2026 Cybersecurity Stars Awards have officially announced winners across 95 subcategories spanning four main award pillars, spotlighting the often-unseen work that keeps organi...

Vietnam-aligned threat actor OceanLotus has been linked to two parallel cyber-espionage campaigns targeting domestic entities, leveraging its signature SPECTRALVIPER backdoor in a ...

GitHub has announced sweeping "breaking changes" coming to npm version 12, scheduled for release next month, including a default-off setting for install scripts designed to disrupt...

Cybersecurity researchers at Cyera have disclosed six vulnerabilities in protobuf.js, a widely used JavaScript and TypeScript implementation of Google's Protocol Buffers serializat...

A new supply chain offensive dubbed Hades has compromised 19 packages in the Python Package Index (PyPI), deploying 37 malicious wheel artifacts that silently install a Bun-based c...

SoFi Securities (Hong Kong) Limited is notifying customers of a data breach that exposed an unknown volume of personal information through a third-party vendor database. The subsid...

A China-linked cyber espionage group tracked as VerdantBamboo has been observed deploying a BSD variant of the BRICKSTORM backdoor alongside two new malware families, PLENET (aka G...

Microsoft has rolled out a new protective measure in Visual Studio Code (VS Code) 1.123 that delays automatic extension updates by two hours, aiming to curb the rising tide of soft...

Seattle-based cybersecurity startup Emphere has secured $2.1 million in pre-seed funding from AI2 Incubator and Outsiders Fund to advance its AI-driven vulnerability remediation pl...

A reverse-engineering analysis published June 5 by Include Security and independent researcher Buchodi has exposed how Bright Data, the successor to Luminati and operator of what i...

Japanese tech giant Toshiba and retail chain Muji are warning visitors that suspicious sign-in screens appearing on their websites may be harvesting credentials, in a supply chain ...

The Windows version of Hola Browser was compromised in a supply chain attack that pushed an undeclared Monero cryptocurrency miner to a small fraction of users, according to Bleepi...

Cybersecurity researchers have disclosed a critical one-click attack chain that abuses Microsoft Visual Studio Code (VS Code) webviews to steal fully scoped GitHub OAuth tokens. Di...

Cybersecurity researchers at McAfee Labs have uncovered a malware-as-a-service (MaaS) campaign dubbed Weedhack that has been actively targeting Minecraft players since January 2026...

Microsoft announced at its Build 2026 developer conference the release of Coreutils for Windows, a package that delivers common Linux command-line utilities as native Windows appli...

A new supply chain attack campaign dubbed "Miasma" has compromised multiple @redhat-cloud-services npm packages to steal credentials and secrets from developer machines, ultimately...

More than 30 npm packages under the @redhat-cloud-services namespace were compromised in a sophisticated supply‑chain attack that delivered a new variant of the Shai‑Hulud credenti...

Cybersecurity researchers have uncovered a malicious NuGet package disguised as an official C# software development kit for Sicoob, one of Brazil's largest cooperative financial sy...

GitHub has officially confirmed that a sophisticated supply chain attack compromised its internal repositories, resulting in the exfiltration of approximately 3,800 repositories by...

A sophisticated supply chain attack has compromised the Laravel Lang localization packages, affecting four repositories and potentially hundreds of historical versions. Security re...

GitHub has officially confirmed that the breach of its internal repositories resulted from a compromise of an employee device involving a poisoned version of the Nx Console Microso...

GitHub has confirmed a significant security incident in which threat actor TeamPCP exfiltrated approximately 3,800 internal repositories after compromising an employee's device thr...

In a concentrated 48-hour window, threat actors launched coordinated attacks against npm, PyPI, and Docker Hub, marking a significant escalation in software supply chain aggression...

Security researchers are warning that a new generation of AI agents capable of autonomously discovering and exploiting obscure vulnerabilities is fundamentally altering the threat ...

OpenAI has disclosed that two employee devices were compromised via the Mini Shai-Hulud supply chain attack targeting TanStack, an open-source software library ecosystem. The breac...

Cybersecurity researchers have identified a sophisticated campaign dubbed "GemStuffer" that has compromised the RubyGems package repository with over 150 malicious gems designed to...

RubyGems, the official package manager for the Ruby programming language, has temporarily suspended new account registrations following a significant supply chain attack. According...

Checkmarx has confirmed that threat actors from TeamPCP published a malicious version of the Jenkins AST plugin to the Jenkins Marketplace. The compromised version, 2.0.13-829.vc72...

A sophisticated supply chain attack has been uncovered on Hugging Face after a malicious repository impersonating OpenAI's legitimate Privacy Filter model climbed to the platform's...

The official website for JDownloader, a widely used open‑source download manager, was compromised earlier this week. Attackers altered the download links for both Windows and Linux...

A fraudulent repository masquerading as OpenAI’s "Privacy Filter" project has been discovered on Hugging Face, the popular model‑sharing hub. The repo, which briefly made the platf...

U.S. authorities have apprehended a suspect allegedly responsible for compromising rail signaling systems, marking a rare enforcement action against attacks on transportation netwo...

Thousands of schools and universities across the United States and Canada were thrust into disarray this week after the popular learning management system (LMS) Canvas, developed b...

On Thursday, May 30 2025, a coordinated cyber incident hit Instructure's Canvas learning management system, displaying a ransom note from an unidentified cybercriminal group to stu...

Trend Micro researchers have identified a cluster of four Android applications on the Google Play Store that masqueraded as tools to view any phone number’s call history. The apps,...

Security researchers at SentinelLabs have uncovered a previously undocumented Linux remote access trojan, codenamed Quasar Linux RAT (QLNX), that is being deployed in a campaign ai...

Trellix, a prominent cybersecurity vendor, disclosed on [date] that its internal source‑code repository had been compromised. The intrusion was promptly claimed by the RansomHouse ...

On March 15, 2023, a federal jury in the Eastern District of Virginia found Austin M. Collins, 34, of Arlington, Virginia, guilty of one count of conspiracy to commit computer frau...

Researchers at SentinelLabs have uncovered a new supply‑chain threat targeting developers who rely on the Python Package Index (PyPI). The campaign, tracked as ‘ZulipSnatch’, consi...

Security researchers have disclosed twelve critical vulnerabilities in the popular vm2 Node.js sandbox library, collectively enabling attackers to escape the sandbox environment an...

Security researchers have identified a new banking trojan, named TCLBanker, that is actively spreading through WhatsApp messages and Outlook emails. The campaign lures victims with...

Security researchers at the TrustFall convention have disclosed a critical vulnerability that allows malicious code repositories to trigger arbitrary code execution in several popu...

Two U.S. nationals were sentenced to 18 months in federal prison each for managing laptop farms that facilitated North Korean IT workers in securing remote positions at nearly 70 A...

Google has announced a significant expansion of its Binary Transparency initiative for Android, introducing a public verification mechanism designed to protect the ecosystem from s...

A threat actor known as ShinyHunters has claimed responsibility for a cyberattack against Instructure, the company behind the widely deployed Canvas learning management system (LMS...

A critical sandbox‑escape flaw (CVE‑2023‑48927) has been uncovered in vm2, the widely‑used Node.js sandboxing library. The vulnerability, discovered by security researcher Alex Tsv...

Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8 2026 that a malicious update had been pushed through its official d...

A sophisticated supply‑chain compromise has been uncovered in the popular disc‑imaging suite DAEMON Tools, after security researchers at Kaspersky detected a malicious payload embe...

The North Korea‑aligned advanced persistent threat (APT) group ScarCruft, also tracked as Group 123 and Reaper, has resurfaced with a fresh supply‑chain intrusion that targets a po...

Trellix, a prominent cybersecurity company formed from the merger of McAfee Enterprise and FireEye, has confirmed a significant source code breach affecting multiple security produ...

Security researchers have uncovered a previously undocumented Linux implant, dubbed Quasar Linux (QLNX), that is actively targeting software developers. Discovered during an invest...

On April 8, 2026, Disc Soft Ltd. confirmed that the official DAEMON Tools Pro installer (version 8.0.0.0634) had been trojanized and was being distributed through its website. The ...

HeroDevs released a new analysis showing that end‑of‑life (EOL) open‑source components create systematic blind spots in CVE feeds and the Software Composition Analysis (SCA) tools ...

The North Korean threat group APT37, also tracked as ScarCruft, has been observed delivering an Android variant of its BirdCall backdoor through a supply‑chain compromise of a popu...

Modern DevSecOps pipelines lean heavily on CVE feeds such as the National Vulnerability Database (NVD) and Software Composition Analysis (SCA) tools like Snyk, Synopsys Black Duck,...

Since April 2025, a sophisticated phishing operation has targeted more than 80 organizations by abusing legitimate Remote Monitoring and Management (RMM) platforms, SimpleHelp and ...

Physical cargo theft is no longer the domain of opportunistic street gangs; it has morphed into a high‑tech enterprise orchestrated by transnational cybercriminal syndicates. Accor...

On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch‑lightning" after security analysts at Cisco Talos iden...

Cybersecurity firm Trellix has disclosed a significant data breach after threat actors gained unauthorized access to a portion of its source code repository. The incident, discover...

On March 24, 2026, Microsoft Defender began flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha after a signature update. The detection impacted multiple...

Trellix has officially acknowledged a security incident in which an unauthorized party gained access to a portion of its source code repositories. The company said it identified th...

Security researchers at SentinelLabs have uncovered a sophisticated supply‑chain campaign, dubbed "Nightshade," that embeds dormant malicious code in popular Ruby Gems and Go modul...

Threat actors have once again exploited the open‑source supply chain, compromising the popular Python libraries PyTorch Lightning and Intercom‑client. By obtaining the maintainer’s...

Atos Threat Research Center (TRC) uncovered in March 2026 a highly resilient malicious operation that distributes a remote‑access trojan called EtherRAT. The campaign abuses GitHub...

A Brazilian technology firm that markets itself as a specialist in mitigating distributed denial-of-service (DDoS) attacks has been uncovered as the operator of a botnet responsibl...

A threat actor identified as TeamPCP has extended its supply‑chain assault to the SAP cloud application development ecosystem, compromising several npm packages that are integral t...

Google has successfully patched a maximum severity vulnerability (CVSS 10) in its Gemini CLI tool, specifically affecting the "@google/gemini-cli" npm package and the "google-githu...

A newly identified ransomware strain named Vect 2.0 has been observed executing wiper‑style attacks against organizations compromised through the TeamPCP software supply chain. The...

Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state‑actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...

Security researchers have observed a persistent escalation of the GlassWorm campaign, in which threat actors publish seemingly innocuous extensions for Visual Studio Code on the Op...

Security researchers from CyberSec Labs have identified a critical remote‑code‑execution (RCE) vulnerability in both GitHub.com and GitHub Enterprise Server. Tracked as CVE‑2026‑38...

Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...

Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...

Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...

Glasswing’s recent announcement that it has secured the core code of its platform is a welcome step toward reducing software vulnerabilities, but security experts warn that the bro...

NASA's Office of Inspector General (OIG) has disclosed a sophisticated spear‑phishing campaign orchestrated by a Chinese national who masqueraded as a U.S. defense researcher. The ...

Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...

Bitwarden CLI versions 2024.1.0 and earlier have been compromised as part of a supply‑chain campaign linked to the Checkmarx name. Security researcher Alex Petrov of XYZ Security L...

The latest ThreatsDay bulletin from hackmyip.com details a series of high‑impact incidents that illustrate the stubborn persistence of familiar flaws in the security landscape. Top...

Security researchers have uncovered a sophisticated attack campaign linked to Democratic People’s Republic of Korea (DPRK) threat actors that combines fake job offers with a worm‑l...

Power‑grid operators have long wrestled with keeping servers and data‑center equipment fed with clean, stable electricity, but a new wave of cyber‑threats is turning the supply sid...

Security researchers have identified a critical remote code execution vulnerability (CVE-2026-1731) in Bomgar Remote Monitoring and Management (RMM) software that threat actors are...

On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the ...

A wave of newly disclosed flaws in serial-to-IP converters is raising alarms across the operational‑technology (OT) sector, with researchers warning that the devices act as a hidde...

Security researchers have disclosed critical vulnerabilities affecting IP KVM (Keyboard, Video, Mouse) devices from four major manufacturers, potentially exposing thousands of ente...

Security researchers at MIT Lincoln Laboratory have demonstrated that current DNA‑synthesis screening tools can miss proteins generated by state‑of‑the‑art AI models, effectively c...

Google has officially announced its Android developer verification program will feature both free and paid tiers, marking a significant shift in how developers are authenticated be...

Clorox has filed a lawsuit against a service desk vendor following a 2023 cybersecurity breach that cost the company approximately $380 million. The legal action centers on allegat...

Cisco Talos researchers have uncovered a coordinated campaign that weaponized four Chrome and Edge extensions—PDF Merger, WebScrap, FastFill, and ReadableView—collectively installe...