Research
-
Researchers disclose critical SEPPmail gateway flaws that could allow remote code execution
Researchers disclosed seven critical flaws in the SEPPmail Secure E-Mail Gateway that could allow remote code execution and reading of arbitrary mail. SEPPmail has issued fixes across recent versions, including patches for multiple CVEs rated above 9.0.
-
GitHub Actions supply chain attack compromises issue helper tool
A supply chain attack has compromised the GitHub Actions workflow actions-cool/issues-helper, with malicious tags used to steal CI/CD credentials from runners and send them to an attacker-controlled server.
-
Leaked Shai-Hulud malware resurfaces in npm infostealer campaign
Four malicious npm packages infected with a Shai-Hulud clone were published over the weekend, stealing credentials, secrets and crypto wallet data. One package also added DDoS features, and the combined downloads reached 2,678.
-
Pre-Stuxnet fast16 malware was built to tamper with nuclear simulation tests
A new technical analysis says the fast16 malware was built to tamper with nuclear weapons simulations, targeted LS-DYNA and AUTODYN, and may date to 2005, years before Stuxnet.
-
Hackers earn $1.3 million for 47 zero-days at Pwn2Own Berlin 2026
Researchers collected $1.298 million after exploiting 47 zero-day flaws at Pwn2Own Berlin 2026, which focused on enterprise technologies and artificial intelligence. DEVCORE won the contest, and vendors now have 90 days to patch the bugs.
-
Windows MiniPlasma zero-day proof of concept gives attackers SYSTEM access
A researcher has released a proof-of-concept Windows exploit called MiniPlasma that, according to the disclosure and tests on current Windows 11 builds, can elevate a standard account to SYSTEM on fully patched systems.
-
NGINX flaw exploited in the wild days after disclosure, VulnCheck says
VulnCheck says CVE-2026-42945 is being exploited in the wild in NGINX Plus and NGINX Open days after disclosure. The report also cites active exploitation of critical openDCIM flaws that can be chained toward remote code execution.
-
Turla turns Kazuar backdoor into modular P2P botnet
Turla has reworked its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access, Microsoft said in a technical analysis published Thursday. The malware now uses separate Kernel, Bridge and Worker components.
-
Four OpenClaw flaws could enable data theft and persistence, researchers say
Researchers disclosed four OpenClaw flaws that could be chained for data theft, privilege escalation and persistence. The issues were fixed in version 2026.4.22, and users were advised to update.
-
Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.






