News
-
Webworm adds Discord and Microsoft Graph backdoors in new 2025 campaign
Webworm used new backdoors in 2025 that relied on Discord and Microsoft Graph API for command and control, according to an ESET technical analysis. The group also expanded its proxy tools and targeted government and enterprise networks in Asia and Europe.
-
Drupal warns of critical security update later today
Drupal plans a core security update later today and warned that exploits could follow within hours. The advisory affects core versions 8 and later, with fixes planned for supported releases and hotfixes for some older branches.
-
GitHub investigates claim of internal repository theft after TeamPCP listing
GitHub said it is investigating unauthorized access to internal repositories after TeamPCP claimed it was selling source code and internal data. The company said it has no evidence of customer impact outside internal repositories.
-
Microsoft disrupts malware-signing service tied to ransomware groups
Microsoft said it disrupted a malware-signing service that abused its Artifact Signing platform to issue more than 1,000 fraudulent certificates used by ransomware gangs and other cybercriminals.
-
CISA left GitHub repo with passwords and keys exposed for six months
CISA left a public GitHub repository exposed for six months, revealing passwords, keys and tokens in production infrastructure files. GitGuardian found the leak on May 14 and the agency removed the repo the next day.
-
Trapdoor Android ad fraud scheme hit millions of devices, researchers say
Researchers said Trapdoor used Android utility apps, hidden WebViews and HTML5 cashout domains to drive ad fraud at scale. Google removed the identified apps after disclosure, and the campaign had reached millions of downloads.
-
Linux kernel flaw gets proof of concept as distributions move on security fixes
Proof-of-concept code has been released for DirtyDecrypt, a Linux kernel flaw tied to CVE-2026-31635. The issue can allow local privilege escalation on systems with CONFIG_RXGK enabled, including some Fedora, Arch Linux, and openSUSE builds.
-
Researchers disclose critical SEPPMail gateway flaws that could allow remote code execution
Researchers disclosed seven critical flaws in SEPPMail Secure E-Mail Gateway that could allow remote code execution and reading of arbitrary mail. SEPPmail has issued fixes across recent versions, including patches for multiple CVEs rated above 9.0.
-
Compromised Nx Console VS Code extension targeted developers in supply chain breach
A compromised Nx Console VS Code extension spread credential-stealing malware to developers after being published on the Microsoft marketplace. The incident affected more than 2.2 million installations and prompted update and credential-rotation warnings.
-
GitHub Actions supply chain attack compromises issue helper tool
A supply chain attack has compromised the GitHub Actions workflow actions-cool/issues-helper, with malicious tags used to steal CI/CD credentials from runners and send them to an attacker-controlled server.
