4+ hour, 12+ min ago  (641+ words) Rescana Megalodon Supply Chain Attack: Team PCP Compromises 5, 561 Git Hub Repositories via Malicious CI/CD Workflows A sophisticated and highly automated supply chain attack, designated as the Megalodon campaign, has compromised 5, 561 public Git Hub repositories by injecting malicious CI/CD…...

8+ hour, 20+ min ago  (341+ words) First VPN'accepted payments via Bitcoin, Perfect Money, Webmoney, Ego Pay, and Inter Kass, with subscription durations ranging from one day ($2) to one year ($483). Technical support was provided through a self-hosted Jabber server and encrypted Telegram messaging (The Hacker News). The…...

10+ hour, 20+ min ago  (735+ words) Active Exploitation Alert: Laravel Lang PHP Packages Compromised in Supply Chain Attack to Deploy Credential-Stealing Malware Rescana Active Exploitation Alert: Laravel Lang PHP Packages Compromised in Supply Chain Attack to Deploy Credential-Stealing Malware A critical supply chain attack has compromised…...

3+ day, 1+ hour ago  (702+ words) Rescana Git Hub Internal Repositories Breached via Compromised Nx Console VS Code Extension: 2026 Supply Chain Cybersecurity Incident Analysis On May 18, 2026, a compromised version of the Nx Console Visual Studio Code extension was published to the official marketplace, resulting in a…...

3+ day, 1+ hour ago  (520+ words) Microsoft Defender Zero-Day Vulnerabilities Red Sun and Un Defend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis) Rescana In April 2026, two critical zero-day vulnerabilities'Red Sun and Un Defend'were discovered in Microsoft Defender, the default endpoint protection suite for Windows…...

3+ day, 1+ hour ago  (407+ words) Publication Date: June 2024 A notable example is the discovery of CVE-2025-9478, a critical use-after-free vulnerability in the ANGLE'graphics library. Big Sleep'flagged this issue autonomously, after which human researchers at Google'verified and patched the flaw. This workflow'AI-driven discovery followed by human…...

3+ day, 2+ hour ago  (335+ words) The vulnerability, tracked as CVE-2024-55638, is classified as a Deserialization of Untrusted Data (CWE-502) and Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915). It affects Drupal Core'versions 7. x prior to 7. 102, 8. 0. 0 and above prior to 10. 2. 11, and 10. 3. 0 prior to 10. 3. 9. The patched versions…...

1+ week, 4+ day ago  (197+ words) CMMC is knocking on your door: What to do about it? Level 2 is based on DFARS (Defense Federal Acquisition Regulation Supplement) 252. 204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting'including 110 controls from NIST SP 800-171 R2, which has been superseded in May 2024 by…...

2+ week, 6+ hour ago  (153+ words) Indicators of Compromise (IOCs): Shiny Hunters published a list of affected institutions and a data leak site, both of which are only accessible from sandboxed environments and require caution. No malware hashes or other technical artifacts have been published. The…...

2+ week, 6+ hour ago  (475+ words) Technical Evidence: According to the ABW report and corroborating media sources, attackers accessed administrator accounts and altered settings linked to pumps and alarms. In several cases, they could modify device operating parameters in real time, creating a direct and concrete…...