Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades...
Hacking
Category Added in a WPeMatico Campaign
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
Swati KhandelwalJun 26, 2026Phishing / Malware An active phishing campaign has been targeting hotel and other hospitality organizations across Europe...
Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June...
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that...
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript...
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
Ravie LakshmananJun 25, 2026Hacking News / Cybersecurity News It’s dumb out there again. This week has the usual smell of...
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during...
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
Ravie LakshmananJun 25, 2026AI Security / Malware A previously undocumented Rust-based macOS implant and information stealer has been found to...
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
Ravie LakshmananJun 25, 2026Initial Access Broker / Ransomware A new, stealthy backdoor named Mistic has been deployed as part of...
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Ravie LakshmananJun 25, 2026Vulnerability / Threat Intelligence An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco...
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
Ravie LakshmananJun 24, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active...
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in...
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Ravie LakshmananJun 24, 2026Open Source / Supply Chain Security Cybersecurity researchers have flagged a new class of CI/CD workflow weakness...
Dawn of the Apex Agentic Adversary
The Hacker NewsJun 24, 2026Network Security / Vulnerability Management We are standing at the end of an era we never...
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
Ravie LakshmananJun 24, 2026Money Laundering / Cybercrime The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a...
