A compromised Nx Console extension (v18.95.0) with over 2.2 million installations was used to distribute a credential stealer that exfiltrates developer secrets and can publish signed, legitimate-looking npm packages.
Webmin is vulnerable to multiple security flaws that allow attackers to bypass two-factor authentication and execute root-level attacks, with security patches now available.
Vulnerabilities in NGINX Open Source and NGINX Plus from F5 are being actively exploited, with one vulnerability leading to denial-of-service conditions.
Popular GitHub Actions have been hacked and redirected to malicious code versions; the malware steals CI/CD login credentials and sends them to attackers, and the activity appears to be connected to the Mini-Shai-Hulud campaign targeting npm packages.
Attackers published 639 malicious versions across 323 packages (279 from the @antv namespace) and exfiltrated access credentials for AWS, Google Cloud, Azure, GitHub, and Docker.
SHub Reaper bypasses Apple’s terminal protections through AppleScript execution, steals browser data and cryptocurrency wallet access, and spreads via fake WeChat, Miro, and QQ installers.
Interpol seized 53 malware and phishing servers across 13 MENA countries during Operation Ramz and arrested over 200 suspects in cases affecting at least 3,867 victims.
The Canvas learning platform was taken offline after a cybercriminal gang claimed to possess data from 275 million users across nearly 9,000 educational institutions in an extortion attack.
An analysis of millions of active devices reveals a clear shift in the threat landscape: network infrastructure has become a critical risk factor, with edge hardware leading the list of endangered device types for the first time.
Leaked Shai-Hulud trojans are spreading unmodified via npm packages to steal developer credentials and cryptocurrency wallet data, with one package also featuring DDoS botnet functionality.
Following the release of Shai-Hulud worm source code, researchers warn of massive proliferation and variants; developers should strengthen security measures immediately.