News
-
GitHub Actions supply chain attack compromises issue helper tool
A supply chain attack has compromised the GitHub Actions workflow actions-cool/issues-helper, with malicious tags used to steal CI/CD credentials from runners and send them to an attacker-controlled server.
-
INTERPOL says MENA cybercrime operation leads to 201 arrests
INTERPOL said a five-month crackdown across the Middle East and North Africa led to 201 arrests, 382 additional suspects and 53 server seizures in an operation targeting phishing, malware and online scams.
-
Leaked Shai-Hulud malware resurfaces in npm infostealer campaign
Four malicious npm packages infected with a Shai-Hulud clone were published over the weekend, stealing credentials, secrets and crypto wallet data. One package also added DDoS features, and the combined downloads reached 2,678.
-
Pre-Stuxnet fast16 malware was built to tamper with nuclear simulation tests
A new technical analysis says the fast16 malware was built to tamper with nuclear weapons simulations, targeted LS-DYNA and AUTODYN, and may date to 2005, years before Stuxnet.
-
Hackers earn $1.3 million for 47 zero-days at Pwn2Own Berlin 2026
Researchers collected $1.298 million after exploiting 47 zero-day flaws at Pwn2Own Berlin 2026, which focused on enterprise technologies and artificial intelligence. DEVCORE won the contest, and vendors now have 90 days to patch the bugs.
-
Windows MiniPlasma zero-day proof of concept gives attackers SYSTEM access
A researcher has released a proof-of-concept Windows exploit called MiniPlasma that can elevate a standard account to SYSTEM on fully patched systems, according to tests on current Windows 11 builds and the disclosure.
-
NGINX flaw exploited in the wild days after disclosure, VulnCheck says
VulnCheck says CVE-2026-42945 is being exploited in the wild in NGINX Plus and NGINX Open days after disclosure. The report also cites active exploitation of critical openDCIM flaws that can be chained toward remote code execution.
-
Grafana says GitHub token breach let intruder download codebase
Grafana said a stolen token let an unauthorized party access its GitHub environment and download code. The company said no customer data was exposed and that the attacker later tried to extort payment.
-
Turla turns Kazuar backdoor into modular P2P botnet
Turla has reworked its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access, Microsoft said in a technical analysis published Thursday. The malware now uses separate Kernel, Bridge and Worker components.
-
Avada Builder WordPress flaws could expose site credentials, database data
Two flaws in the Avada Builder WordPress plugin could let attackers read server files or pull data from the database. The issues affect versions through 3.15.2 and 3.15.1, and site owners were urged to upgrade to 3.15.3.
