A popular AI development library has been turned into a weapon. The mistralai PyPI package, version 2.4.6, was found to contain malicious code secretly injected by attackers, putting developers and organizations worldwide at serious risk. The compromise affects anyone who…
Tag: Cyber Security News
TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was…
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notorious Magecart group are now hiding credit card skimmers inside Google Tag…
Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate risk of total takeover. While the SOAP extension has a notorious history of memory corruption flaws, this latest…
OpenAI Daybreak Automates Detects and Fix Vulnerabilities Automatically
OpenAI has introduced Daybreak, a strategic initiative to change how modern software is built and defended against emerging threats. Moving away from traditional reactive patching, Daybreak focuses on making software resilient by design from the very beginning of the development…
TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps
A dangerous Android banking malware known as TrickMo has resurfaced with a powerful new variant, and this time it is more stealthy, more capable, and harder to stop than ever before. The threat is actively targeting users of banking apps,…
PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access
In a chilling blow to mobile security, Google’s May 2026 Android Security Bulletin has unmasked a catastrophic zero-click vulnerability lurking within the core Android System. The CVE-2026-0073 flaw in Android’s adbd daemon lets nearby threat actors remotely gain full shell…
New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt protected volumes on patched Windows 11 machines in under 5 minutes by exploiting a crucial gap between patching and certificate…
Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers
A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an apocalyptic maximum severity score of 9.8, this critical flaw has essentially handed the keys to the kingdom directly to…
New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks Within 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt protected volumes on patched Windows 11 machines in under 5 minutes by exploiting a crucial gap between patching and certificate…
84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials
A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at approximately 19:20 and 19:26 UTC, contain a suspected credential-stealing payload targeting CI systems, including GitHub Actions. According to…
Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware
Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a legitimate terminal-based intelligent agent that allows users to interact with DeepSeek large language models directly from…
Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign
Cybercriminals are getting creative with how they lure victims into downloading malware, and a new campaign involving a fake version of Anthropic’s Claude AI assistant is raising serious concerns. Attackers set up a convincing lookalike website to distribute a dangerous…
Google Warns of Hackers Using AI to Create Working Zero-Day Exploit
Google Threat Intelligence Group recently published an alarming report detailing the rapid industrialization of generative artificial intelligence in adversarial workflows. The most significant finding reveals that a cybercriminal syndicate successfully developed a working zero-day exploit entirely through artificial intelligence assistance.…
Popular Go Library fsnotify Raises Supply Chain Alarms After Maintainer Access Changes
A widely used Go library called fsnotify has found itself at the center of a supply chain security scare after a sudden change in maintainer access triggered alarm across the open source community. The project provides cross-platform filesystem notifications for…
Trending Hugging Face Repo With 200k Downloads Executes Malware on Windows Machines
A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named “Open-OSS/privacy-filter,” had racked up over 200,000 downloads before the platform’s team stepped in and removed it. The malicious package…
Crimenetwork Takedown Exposes 22,000 Users and Over 100 Illegal Sellers
In a massive, internationally coordinated operation, the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime (ZIT) and the Federal Criminal Police Office (BKA) have successfully dismantled the relaunched “Crimenetwork” platform. Law enforcement officers arrested the…
ShinyHunters Breaches Instructure Canvas LMS Through Free-For-Teacher Account Program
The infamous hacking group ShinyHunters has struck again, this time targeting Instructure, the company behind Canvas Learning Management System (LMS). In early May 2026, Instructure confirmed unauthorized activity on its Canvas platform after detecting suspicious access on April 29, 2026.…
Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware
A sophisticated new cyberattack campaign is targeting Windows systems using a fake image file to sneak dangerous malware past security defenses. The operation, named Operation SilentCanvas, tricks victims into running a malicious PowerShell script disguised as a harmless JPEG photo,…
GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware
Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. However, a newly disclosed technique called GhostLock demonstrates a fundamentally different availability attack that achieves the same business disruption without writing a single encrypted byte to disk.…