TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails… Read More »Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find… Read More »OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak… Read More »Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS… Read More »iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure… Read More »TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits… Read More »cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first… Read More »Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died… Read More »⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten… Read More »Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows… Read More »Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads