CPU-Z and HWMonitor Malware Download: What to Check After the CPUID Compromise
Downloaded CPU-Z or HWMonitor during the CPUID compromise? Check the April 9-10 window, CRYPTBASE.dll, browser passwords, and clean up safely.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 24, 2026
Latest reports
UniFi OS Patch Guide
Ubiquiti patched five UniFi OS vulnerabilities, including three CVSS 10 critical flaws. Check affected UniFi devices, fixed versions, and post-update steps.
Ghost CMS Exploit Poisons 700 Sites for ClickFix Malware
Attackers are exploiting Ghost CMS CVE-2026-26980 to inject ClickFix loaders into trusted sites. Patch Ghost, rotate API keys, and treat fake verification prompts as…
npm Staged Publishing: What Maintainers Should Change Now
npm CLI 11.15.0 adds staged publishing and new install-source controls. Here is what maintainers should enable, what CI should change, and what to check…
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited for Root Scripts
LiteSpeed says CVE-2026-48172 is being actively exploited in its user-end cPanel plugin. Hosts should update to WHM Plugin 5.3.1.0 or remove the user-end plugin…
Packagist Postinstall Malware: What Developers Should Check
A Packagist and GitHub supply-chain campaign used malicious postinstall hooks to fetch Linux malware from GitHub Releases. Check package.json, CI logs, and build tokens.
Laravel-Lang Composer Packages Rewritten to Steal CI Secrets
Laravel-Lang Composer packages were compromised through rewritten tags that run a PHP credential stealer as soon as Composer autoload is loaded.
Grafana Says Missed Token Let Attackers Copy Private Repos
Grafana says attackers copied two private GitHub repositories after one workflow token was missed during post-TanStack credential rotation.
Ghostwriter Uses Prometheus Lures to Drop OYSTERFRESH Malware
CERT-UA says Ghostwriter used compromised accounts and fake Prometheus certificate lures to target Ukrainian government entities with OYSTERFRESH malware.