npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security...
Ravie
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including...
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active...
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched...
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
Ravie LakshmananMay 22, 2026Malware / Artificial Intelligence The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security...
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
Ravie LakshmananMay 22, 2026Cybercrime / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a...
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Ravie LakshmananMay 22, 2026Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security...
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Ravie LakshmananMay 22, 2026Vulnerability / Network Security Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload...
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Ravie LakshmananMay 21, 2026Hacking News / Cybersecurity News This week starts small. A token leaks. A bad package slips in....
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Ravie LakshmananMay 21, 2026Endpoint Security / Vulnerability Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender...
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Ravie LakshmananMay 21, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained...
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Ravie LakshmananMay 21, 2026Supply Chain Attack / Developer Tools GitHub on Wednesday officially confirmed that the breach of its internal...
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Ravie LakshmananMay 21, 2026Web Security / Vulnerability Drupal has released security updates for a "highly critical" security vulnerability in Drupal...