node-ipc npm Package Compromised With Credential Stealer
Malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 were published to npm with…
KongTuke Uses Microsoft Teams Help-Desk Lures to Drop ModeloRAT
KongTuke moved from web-based ClickFix lures into external Microsoft Teams chats, using…
Fragnesia CVE-2026-46300 Gives Linux Attackers Root Access
Fragnesia is a separate Linux kernel flaw in the Dirty Frag class.…
West Pharmaceutical Cyberattack Stole Data and Encrypted Systems
West Pharmaceutical disclosed a material cyberattack involving data exfiltration, encrypted systems, and…
YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives
A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11…
Microsoft Word Preview Pane RCE Bugs Put Outlook Users at Risk
Microsoft patched two critical Word RCE bugs where the Preview Pane is…
Fortinet Fixes Critical RCE Flaws in FortiAuthenticator and FortiSandbox
Fortinet patched critical unauthenticated RCE flaws in FortiAuthenticator and FortiSandbox, making exposure…
RubyGems Pauses Signups After Malicious Package Attack
RubyGems disabled new account registration after reports of hundreds of malicious packages,…
Exim CVE-2026-45185 Dead.Letter Can Lead to Mail Server RCE
Exim 4.99.3 fixes CVE-2026-45185 Dead.Letter, a GnuTLS/BDAT use-after-free that can expose internet-facing…
Mini Shai-Hulud Hits TanStack npm Packages With Signed Malware
Mini Shai-Hulud abused trusted publishing to ship malicious TanStack npm packages with…
TrickMo.C Android Banker Turns Phones Into Proxy Nodes
TrickMo.C moves Android banking malware control to TON/.adnl and adds proxy/pivot features,…
Checkmarx Jenkins Plugin Compromise Put CI Secrets at Risk
A rogue Checkmarx AST Scanner Jenkins plugin release put CI/CD source code…