Tag Archives: it security

The Alert Firehose Finally Meets Its Match
May 25, 2026

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear...

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
May 25, 2026

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put...

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
May 25, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io...

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
May 23, 2026

GitHub has rolled out new controls for npm to improve the security of the software...

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
May 23, 2026

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious...

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
May 23, 2026

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or...

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
May 23, 2026

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple...

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
May 23, 2026

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in...

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
May 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security...

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private...

22
May
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense...

22
May
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed...

22
May
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers...

22
May
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man...

22
May
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting...

22
May
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could...

22
May
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been...

21
May
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick...

21
May
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come...

21
May
When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way...

21
May
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected...

21
May
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result...

21
May
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that...

21
May
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in...

20
May
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact...

20
May
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in...

20
May
Agent AI is Coming. Are You Ready?

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the...

20
May
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties....

20
May
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its...

20
May
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no...

20
May