Chilling Effects
Chilling Effects Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an...
have
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Ravie LakshmananMay 27, 2026Threat Intelligence / Supply Chain Attack Cybersecurity researchers have discovered a new malicious package on the npm...
Gitea Vulnerability Exposes Private Container Images without Authentication
Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform...
Welcoming the Bahamian Government to Have I Been Pwned
14 May 2026 Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas....
Welcoming the Bangladesh Government to Have I Been Pwned
12 May 2026 Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The...
Welcoming the Costa Rican Government to Have I Been Pwned
11 May 2026 Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica.The...
Defenders fall behind, as AI rewrites the rules of a data breach
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon...
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that...
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by...
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561...
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a...
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Ravie LakshmananMay 21, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained...
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that...