New iterations of the Shai-Hulud supply chain attack have hit over 100 packages across the NPM and PyPI ecosystems, security researchers warn. Since September 2025, the self-replicating worm has been used in multiple campaigns targeting the open source software (OSS)… Read More "Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks"
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and… Read More "19 Packages Poisoned to Auto-Run Bun Credential Stealer"
A large share of UK employees have sold their corporate credentials over the past year, exposing their organization to cyber and financial crime, according to Cifas. The non-profit fraud prevention service revealed the findings in its latest Workplace Fraud Trends… Read More "One in Eight Workers Has Sold Their Corporate Logins"
The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution. The high-severity vulnerability, tracked as CVE-2026-45447, is a heap user-after-free bug in a function used for PKCS#7 (Public-Key Cryptography Standard #7) verification. Discovered… Read More "OpenSSL Patches High-Severity Vulnerability Found With AI"
Ravie LakshmananJun 09, 2026AI Security / Software Supply Chain Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an… Read More "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues"
According to Dianne Penn, Anthropic’s head of product management, research, and labs, the goal was to make Mythos-level intelligence broadly available without exposing users to the risks that previously kept the technology restricted. “We wanted to be able to provide… Read More "Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks"
Security researchers have discovered an unusual new threat campaign designed to target victims of notorious cybercrime group TeamPCP. PCPJack is a credential theft framework that “worms across exposed cloud infrastructure and removes artifacts associated with TeamPCP,” according to SentinelOne senior… Read More "PCPJack Campaign Boots TeamPCP Off Compromised Machines"
Microsoft’s June 2026 Patch Tuesday updates fix roughly 200 vulnerabilities discovered in the company’s products. None of the flaws addressed this month appears to have been exploited in the wild, but three issues were publicly disclosed before Microsoft patched them.… Read More "Microsoft Patches 200 Vulnerabilities – SecurityWeek"
Ravie LakshmananJun 09, 2026Vulnerability / Backup Software Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of… Read More "Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code"
The Australian Cyber Security Centre (ACSC) has issued a warning about a malicious cyber campaign which exploits the ClickFix social engineering technique to deliver potent password-stealing malware. In the alert, issued on May 7, Australian Signals Directorate’s (ADC) ACSC warned… Read More "Australian Cyber Security Centre Issues Alert Over ClickFix Attacks"
