Research
-
Malicious npm packages spread self-propagating worm through stolen developer tokens
Researchers found a self-propagating npm supply chain worm in April 2026 that stole developer secrets, reused npm tokens to publish poisoned packages and also included PyPI propagation logic.
-
Harvester deploys Linux version of GoGra backdoor in South Asia targeting campaign
Harvester has deployed a Linux version of its GoGra backdoor in attacks likely aimed at South Asia, using Microsoft cloud email services as a covert control channel, according to a technical analysis by Symantec and Carbon Black Threat Hunter Team.
-
Researchers find Lotus Wiper targeting Venezuela’s energy and utilities sector
Researchers said a new wiper called Lotus Wiper hit Venezuela’s energy and utilities sector in late 2025 and early 2026, erasing recovery options and using Windows tools to destroy data across infected systems.
-
Mustang Panda-linked LOTUSLITE variant targets India banking sector
A new LOTUSLITE malware variant has been spotted in a campaign aimed at India’s banking sector, with related lures also tied to South Korean and U.S. policy communities.
-
SystemBC C2 server tied to The Gentlemen exposes 1,570 victims
Check Point Research said a SystemBC command-and-control server linked to The Gentlemen ransomware operation exposed more than 1,570 victims worldwide, underscoring how proxy malware can support larger intrusion campaigns.
-
NGate malware campaign targets Brazil through trojanized HandyPay app
Researchers found a new NGate Android malware campaign targeting Brazil since around November 2025. The trojanized HandyPay app can relay NFC payment data, capture PINs and help thieves carry out fraudulent ATM withdrawals.
-
Flaws in Lantronix and Silex converters put thousands of devices at risk
Researchers found 22 vulnerabilities in Lantronix and Silex serial-to-IP converters, with nearly 20,000 exposed online. The flaws could allow remote code execution, device takeover and tampering with industrial data.
-
Google patches Antigravity IDE flaw that could enable code execution
Google has patched a flaw in its Antigravity agentic IDE that researchers said could allow code execution through a file-search tool and a bypass of the app’s Strict Mode security controls.
-
Google patched Antigravity sandbox escape bug after prompt injection research
Google fixed an Antigravity vulnerability after researchers said prompt injection could combine with a file-creation capability to bypass secure mode and enable remote code execution in the AI developer tool.
-
Critical SGLang flaw can enable remote code execution
A critical flaw in SGLang, tracked as CVE-2026-5760 and rated 9.8, could allow remote code execution through a crafted model file and the /v1/rerank endpoint, according to a CERT/CC advisory.