Shai-Hulud AntV npm Supply-Chain Wave: What Developers Should Check
Shai-Hulud returned in an AntV npm supply-chain wave affecting hundreds of packages.…
Operation Ramz Cuts Phishing and Malware Servers in MENA
INTERPOL says Operation Ramz led to 201 arrests and the seizure of…
SHub macOS Stealer Uses Fake Login Lures to Harvest Data
SentinelOne says SHub Reaper uses fake macOS security and login prompts to…
MiniPlasma Windows Zero-Day PoC Gives Local Users SYSTEM Access
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully…
Anthropic Mythos Helped Build a macOS M5 Kernel Exploit
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS…
FrostyNeighbor Targets Ukraine With PDF Lures and PicassoLoader
ESET says FrostyNeighbor is using fake Ukrtelecom-themed PDF lures, Ukrainian geofencing, JavaScript…
Device Code Phishing: Microsoft Login Trap and Token Theft
Device code phishing uses a real Microsoft login page to authorize an…
Avada Builder CVEs Put WordPress Sites at File Read and SQLi Risk
Avada Builder patched two WordPress vulnerabilities that could expose server files or…
FunnelKit Checkout Skimmer Hits WooCommerce Payment Pages
Attackers are abusing vulnerable FunnelKit/Funnel Builder installations to inject checkout skimmers into…
Microsoft Details Kazuar Botnet Used by Secret Blizzard
Microsoft published a technical analysis of Kazuar, a modular Secret Blizzard botnet…
NGINX CVE-2026-42945 Exposes Rewrite Rules to Crash and RCE Risk
CVE-2026-42945 affects NGINX rewrite rules that combine unnamed PCRE captures with question-mark…
Burst Statistics CVE-2026-8181 Exploited for WordPress Admin Takeover
Attackers are exploiting CVE-2026-8181 in the Burst Statistics WordPress plugin. Update to…
