News

The Hacker News
thehackernews.com > 2026 > 05 > packagist-supply-chain-attack-infects-8.html

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

1+ day, 4+ hour ago  (307+ words) A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code…...

The Hacker News
thehackernews.com > 2026 > 05 > npm-adds-2fa-gated-publishing-and.html

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

1+ day, 3+ hour ago  (330+ words) GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the…...

The Hacker News
thehackernews.com > 2026 > 05 > claude-mythos-ai-finds-10000-high.html

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

1+ day, 8+ hour ago  (538+ words) Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort…...

The Hacker News
thehackernews.com > 2026 > 05 > laravel-lang-php-packages-compromised.html

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

1+ day, 10+ hour ago  (359+ words) Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - "The timing and pattern of the newly published tags point…...

The Hacker News
thehackernews.com > 2026 > 05 > litespeed-cpanel-plugin-cve-2026-48172.html

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

1+ day, 12+ hour ago  (347+ words) A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to…...

The Hacker News
thehackernews.com > 2026 > 05 > drupal-core-sql-injection-bug-actively.html

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

1+ day, 12+ hour ago  (309+ words) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an…...

The Hacker News
thehackernews.com > 2026 > 05 > first-vpn-dismantled-in-global-takedown.html

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

2+ day, 2+ hour ago  (552+ words) Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN…...

The Hacker News
thehackernews.com > 2026 > 05 > ghostwriter-targets-ukraine-government.html

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

2+ day, 2+ hour ago  (270+ words) The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151 Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the…...

The Hacker News
thehackernews.com > 2026 > 05 > megalodon-github-attack-targets-5561.html

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

2+ day, 7+ hour ago  (699+ words) Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected Git…...

The Hacker News
thehackernews.com > 2026 > 05 > making-vulnerable-drivers-exploitable.html

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

2+ day, 8+ hour ago  (1665+ words) The reader is expected to have basic Windows driver knowledge, especially regarding device objects. The rest of this article is written with the assumption that the reader is already familiar with the concepts described in the introduction article: Anatomy of…...