1866 items
Unread (2112) All Dismissed
HIGH
CVE-2026-10873 (CVSS 7.2) — A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of t...
NVD CVE-2026-10873 1d ago
HIGH
CVE-2026-10872 (CVSS 7.2) — A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserve...
NVD CVE-2026-10872 1d ago
HIGH
CVE-2026-10871 (CVSS 7.2) — A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function s...
NVD CVE-2026-10871 1d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 16d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 34d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 24d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 18d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 18d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 17d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 16d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 11d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 7d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 3d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 5h ago
INFO
China's TA4922 Expands Cybercrime Attacks Globally
rss:darkreading breachesmalwarethreat-actors 1d ago
HIGH
CVE-2026-10870 (CVSS 7.2) — A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file ...
NVD CVE-2026-10870 1d ago
INFO
4 Critical Threats Where Attackers Have the Advantage
rss:darkreading breachesmalwarethreat-actors 1d ago
HIGH
CVE-2026-50292 (CVSS 7.4) — In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can ...
NVD CVE-2026-50292 1d ago
CRITICAL
CVE-2026-48040 (CVSS 9.1) — The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivi...
NVD CVE-2026-48040 1d ago
HIGH
CVE-2026-25551 (CVSS 7.8) — Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability...
NVD CVE-2026-25551 1d ago
CRITICAL
CVE-2026-25550 (CVSS 9.8) — Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vul...
NVD CVE-2026-25550 1d ago
HIGH
CVE-2026-20230 (CVSS 8.6) — A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communication...
NVD CVE-2026-20230 +1 2d ago
INFO
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
The Hacker News 1d ago
HIGH
CVE-2026-5228 (CVSS 8.8) — Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile ...
NVD CVE-2026-5228 1d ago
CRITICAL
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
CISA KEV CVE-2026-28318actively-exploited +1 23h ago
HIGH
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago
HIGH
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
The Hacker News supply-chainbreachesmalware +81 17d ago
INFO
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
rss:cisa-advisories 24d ago
INFO
Fuji Electric Tellus
rss:cisa-advisories 24d ago
INFO
ABB AC500 V3 Multiple Vulnerabilities
rss:cisa-advisories 24d ago
INFO
Subnet Solutions PowerSYSTEM Center
rss:cisa-advisories 24d ago
INFO
ABB Automation Builder Gateway for Windows
rss:cisa-advisories 24d ago
INFO
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
rss:cisa-advisories 24d ago
INFO
Siemens Siemens ROS#
rss:cisa-advisories 22d ago
INFO
Siemens gWAP
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Simcenter Femap
rss:cisa-advisories 22d ago
INFO
Universal Robots Polyscope 5
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Teamcenter
rss:cisa-advisories 22d ago
INFO
Siemens Solid Edge
rss:cisa-advisories 22d ago
INFO
Siemens SENTRON 7KT PAC1261 Data Manager
rss:cisa-advisories 22d ago
INFO
Siemens Opcenter RDnL
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Industrial Devices
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC S7 PLC Web Server
rss:cisa-advisories 22d ago
INFO
Siemens SIPROTEC 5
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 22d ago
INFO
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
The Hacker News 19d ago
INFO
Kieback & Peter DDC Building Controllers
rss:cisa-advisories 17d ago
INFO
Siemens RUGGEDCOM APE1808 Devices
rss:cisa-advisories 17d ago
INFO
ABB CoreSense HM and CoreSense M10
rss:cisa-advisories 17d ago
INFO
ScadaBR
rss:cisa-advisories 17d ago
INFO
ZKTeco CCTV Cameras
rss:cisa-advisories 17d ago
INFO
CISA Exposes Secrets, Credentials in 'Private' Repo
rss:darkreading 17d ago
INFO
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
The Hacker News 16d ago
INFO
GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer 16d ago
INFO
GitHub confirms breach of 3,800 repos via malicious VSCode extension
BleepingComputer 16d ago
INFO
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
rss:cisa-advisories 16d ago
INFO
Senator presses CISA for answers about alleged GitHub repository leak
The Record 16d ago
INFO
GitHub confirms being hacked by TeamPCP, says customer data unaffected
The Record 16d ago
INFO
Grafana breach caused by missed token rotation after TanStack attack
BleepingComputer 16d ago
INFO
GitHub Confirms Breach, 4K Internal Repos Stolen
rss:darkreading 16d ago
INFO
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
The Hacker News 15d ago
INFO
GitHub links repo breach to TanStack npm supply-chain attack
BleepingComputer 15d ago
INFO
ABB Terra AC Wallbox
rss:cisa-advisories 15d ago
INFO
ABB B&R Automation Studio
rss:cisa-advisories 15d ago
INFO
ABB B&R Automation Runtime
rss:cisa-advisories 15d ago
INFO
ABB B&R PCs
rss:cisa-advisories 15d ago
INFO
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
SecurityWeek 14d ago
INFO
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The Hacker News 14d ago
INFO
CISA Security Leak
rss:schneier 14d ago
INFO
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Krebs 14d ago
INFO
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Hacker News 13d ago
INFO
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
The Hacker News 13d ago
INFO
Laravel Lang packages hijacked to deploy credential-stealing malware
BleepingComputer 13d ago
INFO
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
SecurityWeek 11d ago
INFO
ABB Terra AC
rss:cisa-advisories 10d ago
INFO
ABB LVS MConfig
rss:cisa-advisories 10d ago
INFO
ABB Ability Camera Connect
rss:cisa-advisories 10d ago
INFO
Eppendorf BioFlo 320
rss:cisa-advisories 10d ago
INFO
ABB AbilityTM Zenon Remote Transport Vulnerability
rss:cisa-advisories 10d ago
INFO
ABB AC500 V2
rss:cisa-advisories 10d ago
INFO
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
rss:cisa-advisories 10d ago
INFO
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
rss:darkreading 10d ago
INFO
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
The Hacker News 9d ago
INFO
ABB EIBPORT
rss:cisa-advisories 8d ago
INFO
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
rss:cisa-advisories 8d ago
INFO
ABB Busch-Welcome 2 Wire Door Opener Actuator
rss:cisa-advisories 8d ago
INFO
Fourth Frontier Frontier X Mobile Application, Frontier X2
rss:cisa-advisories 8d ago
INFO
CP Plus 8 Ch. Network Video Recorder
rss:cisa-advisories 8d ago
INFO
XCharge C6
rss:cisa-advisories 8d ago
INFO
KMW CCTV Security Cameras
rss:cisa-advisories 8d ago
INFO
MacGregor Voyage Data Recorder (VDR) G4e
rss:cisa-advisories 8d ago
INFO
Supply Chain Compromises Impact Nx Console and GitHub Repositories
rss:cisa-advisories 8d ago
INFO
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
The Hacker News 8d ago
INFO
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
The Record 7d ago
INFO
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
The Hacker News 4d ago
INFO
Red Hat removes tainted packages after software pipeline compromise
The Record 3d ago
INFO
VS Code zero-day lets hackers steal GitHub tokens in one click
BleepingComputer 2d ago
INFO
NAVTOR NavBox
rss:cisa-advisories 1d ago
INFO
Hitachi Energy MACH HiDraw
rss:cisa-advisories 1d ago
INFO
Hitachi Energy ITT600 Explorer
rss:cisa-advisories 1d ago
INFO
B&R PPT30 Operating System
rss:cisa-advisories 1d ago
INFO
Hitachi Energy RTU500
rss:cisa-advisories 1d ago
INFO
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
The Hacker News 1d ago
INFO
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
The Hacker News supply-chainbreachesmalware 1d ago
INFO
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Willow Raises $7 Million for Securing Autonomous AI Agents
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
rss:darkreading breachesmalwarethreat-actors 1d ago
HIGH
CVE-2019-25745 (CVSS 8.2) — WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability th...
NVD CVE-2019-25745 1d ago
CRITICAL
CVE-2019-25741 (CVSS 9.8) — Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerab...
NVD CVE-2019-25741 1d ago
CRITICAL
CVE-2019-25738 (CVSS 9.8) — WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow...
NVD CVE-2019-25738 1d ago
HIGH
CVE-2019-25737 (CVSS 7.2) — Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthent...
NVD CVE-2019-25737 1d ago
HIGH
CVE-2019-25736 (CVSS 8.4) — LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to ...
NVD CVE-2019-25736 1d ago
HIGH
CVE-2019-25735 (CVSS 8.4) — AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers t...
NVD CVE-2019-25735 1d ago
HIGH
CVE-2019-25733 (CVSS 8.4) — NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that a...
NVD CVE-2019-25733 1d ago
HIGH
CVE-2019-25732 (CVSS 8.2) — PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers t...
NVD CVE-2019-25732 1d ago
HIGH
CVE-2019-25731 (CVSS 7.2) — Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated a...
NVD CVE-2019-25731 1d ago
HIGH
CVE-2019-25730 (CVSS 8.2) — Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2019-25730 1d ago
CRITICAL
CVE-2019-25729 (CVSS 9.8) — PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated a...
NVD CVE-2019-25729 1d ago
HIGH
CVE-2019-25728 (CVSS 8.2) — Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to e...
NVD CVE-2019-25728 1d ago
CRITICAL
CVE-2019-25727 (CVSS 9.8) — WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows ...
NVD CVE-2019-25727 1d ago
HIGH
CVE-2019-25726 (CVSS 8.2) — All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated ...
NVD CVE-2019-25726 1d ago
INFO
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
The Hacker News supply-chainbreachesmalware 1d ago
INFO
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek breachesransomwaresupply-chain +18 1d ago
INFO
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading 30d ago
INFO
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News 23d ago
INFO
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero 23d ago
INFO
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek 15d ago
INFO
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer 15d ago
INFO
Google API Keys Remain Active After Deletion
rss:darkreading 15d ago
INFO
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News 9d ago
INFO
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek 8d ago
INFO
US charges Google security engineer with Polymarket insider trading
BleepingComputer 7d ago
INFO
Google Chrome adds session cookie theft protection for all users
BleepingComputer 7d ago
INFO
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News 4d ago
INFO
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer 3d ago
INFO
Google adds Android protection against AI deepfake scam calls
BleepingComputer 2d ago
INFO
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading 2d ago
INFO
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News 2d ago
INFO
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News 2d ago
INFO
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News 1d ago
INFO
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News 1d ago
INFO
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
The Hacker News supply-chainbreachesmalware +10 1d ago
INFO
Middle East Cyber Battle Field Broadens — Especially in UAE
rss:darkreading 30d ago
INFO
Cyber Resilience is the New Business Continuity Plan
SecurityWeek 17d ago
INFO
Windows Zero-Day Barrage Continues After Patch Tuesday
rss:darkreading 17d ago
INFO
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer 16d ago
INFO
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
SecurityWeek 11d ago
INFO
Iranian APT Targets Aviation, Software Companies With Updated Tools
SecurityWeek 10d ago
INFO
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Hacker News 10d ago
INFO
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
The Hacker News 8d ago
INFO
Global Stock Exchange Hit by Monthslong Email Campaign
rss:darkreading 2d ago
INFO
What 345 Days of Untested Exposure Looks Like at a Bank
BleepingComputer 2d ago
CRITICAL
CVE-2026-4104 (CVSS 9.8) — Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Auto...
NVD CVE-2026-4104 1d ago
HIGH
CVE-2026-10843 (CVSS 7.2) — A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator...
NVD CVE-2026-10843 1d ago
CRITICAL
CVE-2026-10840 (CVSS 9.6) — A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBi...
NVD CVE-2026-10840 1d ago
HIGH
CVE-2025-52612 (CVSS 7.1) — HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflect...
NVD CVE-2025-52612 1d ago
INFO
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Chinese Cybercrime Group in Spotlight for Record Campaign Pace
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown
SecurityWeek breachesransomwaresupply-chain 1d ago
HIGH The Hacker News Wed, 20 May 2026 05:12:06 UTC
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html
TL;DR AI
Here is a 2-3 sentence summary of the article: Grafana Labs, a security analyst assistant, was breached in a supply chain attack orchestrated by TeamPCP, which accessed the organization's GitHub repository, exposing its source code and other internal data. The attack occurred on May 11, 2026, and the company has since taken steps to mitigate the breach, including rotating GitHub workflow tokens and implementing enhanced monitoring. The attack may have been an attempt to extort data from Grafana Labs, which posted the stolen data on the dark web, and may be linked to a separate incident involving CoinbaseCartel.
supply-chainbreachesmalware
Read full story ↗
Related coverage (16)
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 34d ago
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 24d ago
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 18d ago
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 18d ago
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 17d ago
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 16d ago
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 11d ago
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 7d ago
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 3d ago
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 5h ago