Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
fresh
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that...
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the...
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in...
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating...
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Ravie LakshmananMar 23, 2026Email Security / Cloud Security Microsoft has warned of fresh campaigns that are capitalizing on the upcoming...
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked...
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law...
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Ravie LakshmananJan 22, 2026Vulnerability / Zero-Day Cisco has released fresh patches to address what it described as a "critical" security...
