Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Tag: EN
Do children spend more time online during summer break?
Yes, they do. As the school year is about to end, more and more children will spend more time staring at screens while busy parents… The post Do children spend more time online during summer break? appeared first on Panda…
Hackers Hide Linux Malware in SSH-Like Package Filename
Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in…
FBI director Kash Patel’s brand website taken offline after malware reports
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports…
Hackers Use Browser-Locking CypherLoc Kit to Push Fake Microsoft Support Calls
A newly identified scareware kit called CypherLoc is locking victims’ browsers and tricking them into calling fake Microsoft support lines. The kit has been linked to roughly 2.8 million attacks since the start of 2026, making it one of the…
GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks
GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how…
CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks
CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, affects Drupal’s database abstraction API and could allow…
A week in security (May 18 – May 24)
A list of topics we covered in the week of May 18 to May 24 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (May 18 – May 24)
Anthropic to release Mythos-class models to the public
AI flaw-finder still under lock and key for now while company figures out guardrails, but made available to more users including governments This article has been indexed from www.theregister.com – Articles Read the original article: Anthropic to release Mythos-class models…
Drupal KEV addition, Underminr revives domain fronting, Canadian KimWolf arrest
CISA adds Drupal Core flaw to KEV Underminr hides malicious connections behind trusted domains Canadian man charged with running KimWolf DDoS botnet Check out your show notes here: https://cisoseries.com/cybersecurity-news-drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ Huge thanks to our sponsor, Guardsquare Mobile app security isn’t just…
Social Platforms Settle School Suit, Averting Trial
Meta, Snap, TikTok, YouTube settle first of 1,200 cases by school districts seeking compensation for child mental health harms This article has been indexed from Silicon UK Read the original article: Social Platforms Settle School Suit, Averting Trial
Post Office Names Contractors To Replace Fujitsu, Horizon
Accenture, One View Commerce to take over management of Fujitsu’s Horizon, develop replacement for ‘disastrous’ IT system This article has been indexed from Silicon UK Read the original article: Post Office Names Contractors To Replace Fujitsu, Horizon
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May…
Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware
A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopolitical conflict tied to Operation Epic…
GitHub Strengthens npm Security With Staged Publishing Protection
GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in npm CLI version 11.15.0. These updates are designed to reduce software supply chain risks, particularly those arising…
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential…
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors.…
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are a few must…
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge commonly used in Japan.…
2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Written by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current PhaaS offerings in the Chinese underground,…