Cybercrime
-
Checkmarx says LAPSUS$ leaked data from stolen GitHub repository
Checkmarx said LAPSUS$ leaked 96GB of data stolen from its private GitHub repository after a March 23 compromise linked to a supply chain attack. The company said it has not found customer information so far.
-
VECT 2.0 ransomware flaw can make files unrecoverable, researchers say
Researchers say VECT 2.0 ransomware can permanently destroy files larger than 131,072 bytes on Windows, Linux and ESXi systems, making recovery impossible even for victims who pay. The group has only two listed victims so far.
-
Robinhood fixes account creation flaw used to send phishing emails
Robinhood said attackers abused a flaw in its account creation flow to send phishing emails from a legitimate company address. The company said no customer accounts, personal information or funds were impacted.
-
Medtronic confirms network breach after hackers claim theft of 9 million records
Medtronic said hackers breached corporate IT systems and may have accessed personal data after ShinyHunters claimed theft of more than 9 million records and terabytes of internal data.
-
Researchers flag 73 fake VS Code extensions tied to GlassWorm campaign
Researchers flagged 73 fake Visual Studio Code extensions on Open VSX tied to the GlassWorm campaign. Six were confirmed malicious, while the rest were sleeper packages designed to build trust before delivering malware.
-
Fake CAPTCHA scam used SMS charges, Keitaro abused in 120 campaigns
Researchers said fake CAPTCHA pages have been used since at least 2020 to trigger costly international SMS traffic, while more than 120 other campaigns abused Keitaro TDS for malware, crypto theft and investment scams.
-
UNC6692 Uses Microsoft Teams Help Desk Impersonation to Push Custom Malware
UNC6692 used Microsoft Teams help desk impersonation, email bombing and a custom malware chain to target corporate users, according to Mandiant. The activity included credential harvesting, remote access, tunneling and later-stage network movement.
-
Vercel Finds More Customer Accounts Compromised After Security Incident
Vercel said it found additional customer accounts compromised in a security incident that exposed its internal systems, but did not say how many were affected. The company linked the breach to a compromised Context.ai account used by a Vercel employee.
-
Malicious npm packages spread self-propagating worm through stolen developer tokens
Researchers found a self-propagating npm supply chain worm in April 2026 that stole developer secrets, reused npm tokens to publish poisoned packages and also included PyPI propagation logic.
-
Mirai campaign targets unpatched D-Link router flaw
A Mirai-based malware campaign is exploiting CVE-2025-29635 in end-of-life D-Link DIR-823X routers, according to Akamai. The attacks download a shell script that installs botnet malware and also target other router flaws.
