WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Ravie LakshmananJun 09, 2026Vulnerability / Cyber Espionage Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in...
attack
Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
A routine phone notification could have become an attack path for Google Gemini on Android, according to new research from...
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS...
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from...
The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.
The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On. Pierluigi Paganini May 27, 2026...
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack Pierluigi Paganini May 26, 2026 Attackers have poisoned four...
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The...
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Ravie LakshmananMay 21, 2026Supply Chain Attack / Developer Tools GitHub on Wednesday officially confirmed that the breach of its internal...
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Ravie LakshmananMay 20, 2026Supply Chain Attack / Cloud Security Grafana Labs, on May 19, 2026, said an investigation into its...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Ravie LakshmananMay 19, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have flagged a compromised version of the Nx Console...
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
Ravie LakshmananMay 19, 2026Software Security / Malware In yet another software supply chain attack, threat actors have compromised the popular...
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the...
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one...
