cyber·news

HIGH

CVE-2026-32687 (CVSS 7.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...

NVD CVE-2026-32687 25d ago

INFO

Attackers Weaponize RubyGems for Data Dead Drops

rss:darkreading breachesmalwarethreat-actors +2 24d ago

INFO

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

The Hacker News 25d ago

INFO

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

The Hacker News 25d ago

INFO

Hugging Face Packages Weaponized With a Single File Tweak

rss:darkreading breachesmalwarethreat-actors 25d ago

INFO

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

The Hacker News supply-chainbreachesmalware 25d ago

INFO

20 Leaders Who Built the CISO Era: 2 Decades of Change

rss:darkreading breachesmalwarethreat-actors 26d ago

HIGH

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

The Hacker News supply-chainbreachesmalware +81 19d ago

INFO

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax

rss:cisa-advisories 26d ago

INFO

Fuji Electric Tellus

rss:cisa-advisories 26d ago

INFO

ABB AC500 V3 Multiple Vulnerabilities

rss:cisa-advisories 26d ago

INFO

Subnet Solutions PowerSYSTEM Center

rss:cisa-advisories 26d ago

INFO

ABB Automation Builder Gateway for Windows

rss:cisa-advisories 26d ago

INFO

ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities

rss:cisa-advisories 26d ago

INFO

Siemens Siemens ROS#

rss:cisa-advisories 24d ago

INFO

Siemens gWAP

rss:cisa-advisories 24d ago

INFO

Siemens SIMATIC

rss:cisa-advisories 24d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 24d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 24d ago

INFO

Siemens Simcenter Femap

rss:cisa-advisories 24d ago

INFO

Universal Robots Polyscope 5

rss:cisa-advisories 24d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 24d ago

INFO

Siemens Teamcenter

rss:cisa-advisories 24d ago

INFO

Siemens Solid Edge

rss:cisa-advisories 24d ago

INFO

Siemens SENTRON 7KT PAC1261 Data Manager

rss:cisa-advisories 24d ago

INFO

Siemens Opcenter RDnL

rss:cisa-advisories 24d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 24d ago

INFO

Siemens Industrial Devices

rss:cisa-advisories 24d ago

INFO

Siemens SIMATIC S7 PLC Web Server

rss:cisa-advisories 24d ago

INFO

Siemens SIPROTEC 5

rss:cisa-advisories 24d ago

INFO

Siemens SIMATIC

rss:cisa-advisories 24d ago

INFO

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

The Hacker News 21d ago

INFO

Kieback & Peter DDC Building Controllers

rss:cisa-advisories 19d ago

INFO

Siemens RUGGEDCOM APE1808 Devices

rss:cisa-advisories 19d ago

INFO

ABB CoreSense HM and CoreSense M10

rss:cisa-advisories 19d ago

INFO

ScadaBR

rss:cisa-advisories 19d ago

INFO

ZKTeco CCTV Cameras

rss:cisa-advisories 19d ago

INFO

CISA Exposes Secrets, Credentials in 'Private' Repo

rss:darkreading 18d ago

INFO

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

The Hacker News 18d ago

INFO

GitHub investigates internal repositories breach claimed by TeamPCP

BleepingComputer 18d ago

INFO

GitHub confirms breach of 3,800 repos via malicious VSCode extension

BleepingComputer 18d ago

INFO

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

rss:cisa-advisories 18d ago

INFO

Senator presses CISA for answers about alleged GitHub repository leak

The Record 18d ago

INFO

GitHub confirms being hacked by TeamPCP, says customer data unaffected

The Record 17d ago

INFO

Grafana breach caused by missed token rotation after TanStack attack

BleepingComputer 17d ago

INFO

GitHub Confirms Breach, 4K Internal Repos Stolen

rss:darkreading 17d ago

INFO

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

The Hacker News 17d ago

INFO

GitHub links repo breach to TanStack npm supply-chain attack

BleepingComputer 17d ago

INFO

ABB Terra AC Wallbox

rss:cisa-advisories 17d ago

INFO

ABB B&R Automation Studio

rss:cisa-advisories 17d ago

INFO

ABB B&R Automation Runtime

rss:cisa-advisories 17d ago

INFO

ABB B&R PCs

rss:cisa-advisories 17d ago

INFO

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

SecurityWeek 16d ago

INFO

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

The Hacker News 16d ago

INFO

CISA Security Leak

rss:schneier 15d ago

INFO

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Krebs 15d ago

INFO

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

The Hacker News 14d ago

INFO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

The Hacker News 14d ago

INFO

Laravel Lang packages hijacked to deploy credential-stealing malware

BleepingComputer 14d ago

INFO

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

SecurityWeek 13d ago

INFO

ABB Terra AC

rss:cisa-advisories 12d ago

INFO

ABB LVS MConfig

rss:cisa-advisories 12d ago

INFO

ABB Ability Camera Connect

rss:cisa-advisories 12d ago

INFO

Eppendorf BioFlo 320

rss:cisa-advisories 12d ago

INFO

ABB AbilityTM Zenon Remote Transport Vulnerability

rss:cisa-advisories 12d ago

INFO

ABB AC500 V2

rss:cisa-advisories 12d ago

INFO

ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

rss:cisa-advisories 12d ago

INFO

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

rss:darkreading 11d ago

INFO

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

The Hacker News 10d ago

INFO

ABB EIBPORT

rss:cisa-advisories 10d ago

INFO

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter

rss:cisa-advisories 10d ago

INFO

ABB Busch-Welcome 2 Wire Door Opener Actuator

rss:cisa-advisories 10d ago

INFO

Fourth Frontier Frontier X Mobile Application, Frontier X2

rss:cisa-advisories 10d ago

INFO

CP Plus 8 Ch. Network Video Recorder

rss:cisa-advisories 10d ago

INFO

XCharge C6

rss:cisa-advisories 10d ago

INFO

KMW CCTV Security Cameras

rss:cisa-advisories 10d ago

INFO

MacGregor Voyage Data Recorder (VDR) G4e

rss:cisa-advisories 10d ago

INFO

Supply Chain Compromises Impact Nx Console and GitHub Repositories

rss:cisa-advisories 10d ago

INFO

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

The Hacker News 9d ago

INFO

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

The Record 8d ago

INFO

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

The Hacker News 6d ago

INFO

Red Hat removes tainted packages after software pipeline compromise

The Record 4d ago

INFO

VS Code zero-day lets hackers steal GitHub tokens in one click

BleepingComputer 4d ago

INFO

NAVTOR NavBox

rss:cisa-advisories 3d ago

INFO

Hitachi Energy MACH HiDraw

rss:cisa-advisories 3d ago

INFO

Hitachi Energy ITT600 Explorer

rss:cisa-advisories 3d ago

INFO

B&R PPT30 Operating System

rss:cisa-advisories 3d ago

INFO

Hitachi Energy RTU500

rss:cisa-advisories 3d ago

INFO

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

The Hacker News 2d ago

INFO

Software Bill of Materials for AI - Minimum Elements

rss:cisa-advisories actively-exploitedadvisories 26d ago

INFO

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

The Hacker News supply-chainbreachesmalware 26d ago

HIGH

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

The Hacker News supply-chainbreachesmalware +3 26d ago

INFO

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

rss:darkreading 30d ago

INFO

GitHub Confirms Hack Impacting 3,800 Internal Repositories

SecurityWeek 18d ago

INFO

The Hackers Behind Shai-Hulud: Lucky or Skilled?

rss:darkreading 11d ago

HIGH

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

The Hacker News supply-chainbreachesmalware +16 18d ago

INFO

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)

rss:unit42 36d ago

INFO

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

rss:darkreading 26d ago

HIGH

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News 23d ago

HIGH

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

The Hacker News 20d ago

HIGH

Developer Workstations Are Now Part of the Software Supply Chain

The Hacker News 20d ago

HIGH

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

The Hacker News 19d ago

HIGH

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

The Hacker News 19d ago

INFO

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

SecurityWeek 18d ago

INFO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News 13d ago

INFO

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

The Hacker News 9d ago

INFO

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News 5d ago

INFO

Red Hat npm packages compromised to steal developer credentials

BleepingComputer 5d ago

INFO

Supply Chain Attack Hits 32 Red Hat NPM Packages

SecurityWeek 5d ago

INFO

New IronWorm malware hits 36 packages in npm supply-chain attack

BleepingComputer 2d ago

INFO

Rust-Written IronWorm Hits NPM Supply Chain

rss:darkreading 2d ago

INFO

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

The Hacker News 1d ago

INFO

Copy.Fail Linux Vulnerability

rss:schneier analysispolicy 26d ago

INFO

Why Agentic AI Is Security's Next Blind Spot

The Hacker News supply-chainbreachesmalware 26d ago

INFO

Hackers Leak DentaQuest Information Impacting 2.6 Million

SecurityWeek breachesransomwaresupply-chain +11 2d ago

INFO

Instructure Breach Exposes Schools' Vendor Dependence

rss:darkreading 31d ago

INFO

ShinyHunters Claims Second Attack Against Instructure

rss:darkreading 29d ago

INFO

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

The Hacker News 26d ago

INFO

Congress Puts Heat on Instructure After Canvas Outage

rss:darkreading 22d ago

INFO

7-Eleven confirms breach after ShinyHunters claims

The Record 17d ago

INFO

7-Eleven data breach exposes personal information of 185,000 people

BleepingComputer 12d ago

INFO

185,000 Likely Impacted by 7-Eleven Data Breach

SecurityWeek 12d ago

INFO

Charter confirms data breach after ShinyHunters extortion threat

BleepingComputer 11d ago

INFO

Carnival Cruise confirms data breach affecting nearly 6 million people

BleepingComputer 10d ago

INFO

Charter Communications data breach affects 4.9 million accounts

BleepingComputer 9d ago

INFO

Charter Communications Data Breach Could Impact Nearly 5 Million

SecurityWeek 8d ago

MEDIUM

CVE-2026-1185 (CVSS 5.4) — A configuration file on the local file system had improper input validation which could allow code e...

NVD CVE-2026-1185 26d ago

MEDIUM

CVE-2026-0804 (CVSS 6.7) — An ACAP configuration file lacked sufficient input validation, which could allow a path traversal at...

NVD CVE-2026-0804 26d ago

MEDIUM

CVE-2026-0802 (CVSS 6) — An ACAP configuration file lacked sufficient input validation, which could allow command injection a...

NVD CVE-2026-0802 26d ago

MEDIUM

CVE-2026-0541 (CVSS 6.7) — ACAP applications can gain elevated privileges due to improper input validation during the installat...

NVD CVE-2026-0541 26d ago

INFO

Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

rss:unit42 threat-actorsmalwarenation-state 26d ago

INFO

FCC Softens Ban on Foreign-Made Routers

rss:darkreading breachesmalwarethreat-actors 26d ago

INFO

Tech Can't Stop These Threats — Your People Can

rss:darkreading breachesmalwarethreat-actors 26d ago

HIGH

CVE-2026-7790 (CVSS 0) — Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Exce...

NVD CVE-2026-7790 26d ago

CRITICAL

CVE-2026-7210 (CVSS 9.8) — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding pro...

NVD CVE-2026-7210 26d ago

CRITICAL

CVE-2026-43995 (CVSS 9.8) — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3....

NVD CVE-2026-43995 26d ago

HIGH

CVE-2026-42349 (CVSS 8.1) — Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect...

NVD CVE-2026-42349 26d ago

HIGH

CVE-2026-7818 (CVSS 7) — Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session mana...

NVD CVE-2026-7818 26d ago

HIGH

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

The Hacker News supply-chainbreachesmalware +19 20d ago

INFO

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

rss:darkreading 26d ago

INFO

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

rss:darkreading 25d ago

INFO

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

The Hacker News 25d ago

INFO

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

The Hacker News 25d ago

INFO

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News 22d ago

INFO

Can Laws Stop Deepfakes? South Korea Aims to Find Out

rss:darkreading 20d ago

INFO

Processes and Culture Top Reasons Behind Data Breaches

rss:darkreading 17d ago

INFO

When Identity is the Attack Path

The Hacker News 17d ago

INFO

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The Hacker News 16d ago

INFO

Meta settles school district lawsuit claiming addictive design harmed students' mental health

The Record 15d ago

INFO

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 15d ago

INFO

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News 12d ago

INFO

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Hacker News 12d ago

INFO

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

SecurityWeek 11d ago

INFO

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek 9d ago

INFO

California AG sues 23andMe over 2023 breach exposing health data

BleepingComputer 8d ago

INFO

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

SecurityWeek 3d ago

INFO

Chrome 149 Patches 429 Vulnerabilities

SecurityWeek 2d ago

INFO

EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers

The Record 1d ago

INFO

Hackers Use AI for Exploit Development, Attack Automation

rss:darkreading breachesmalwarethreat-actors 26d ago

MEDIUM

CVE-2025-9973 (CVSS 6.4) — Due to not validating the organization context when executing adaptive authentication flows, the WSO...

NVD CVE-2025-9973 26d ago

HIGH

CVE-2025-10470 (CVSS 8.6) — The Magic Link authentication flow accepts multiple invalid authentication requests without adequate...

NVD CVE-2025-10470 26d ago

INFO

Cyber Espionage Group Targets Aviation Firms to Steal Map Data

rss:darkreading breachesmalwarethreat-actors 27d ago

INFO

LLMs and Text-in-Text Steganography

rss:schneier analysispolicy 27d ago

MEDIUM

CVE-2025-8325 (CVSS 6.3) — The software fails to enforce role-based access controls for certain Gateway API invocations. Users ...

NVD CVE-2025-8325 27d ago

MEDIUM

CVE-2025-8154 (CVSS 5.3) — In Webhook API invocations, the component accepts user-supplied input for HTTP request headers witho...

NVD CVE-2025-8154 27d ago

CRITICAL

CVE-2026-42298 (CVSS 10) — Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability...

NVD CVE-2026-42298 29d ago

HIGH

CVE-2026-44400 (CVSS 8.1) — MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in ...

NVD CVE-2026-44400 29d ago

INFO

Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia

rss:schneier analysispolicy 29d ago

HIGH

CVE-2026-7807 (CVSS 8.1) — SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /a...

NVD CVE-2026-7807 29d ago

CRITICAL

CVE-2026-41889 (CVSS 9.8) — pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when ...

NVD CVE-2026-41889 29d ago

HIGH

CVE-2026-43967 (CVSS 0) — Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated...

NVD CVE-2026-43967 29d ago

HIGH

CVE-2026-42793 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allo...

NVD CVE-2026-42793 29d ago

HIGH

CVE-2026-43460 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-f...

NVD CVE-2026-43460 29d ago

HIGH

CVE-2026-43458 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link re...

NVD CVE-2026-43458 29d ago

HIGH

CVE-2026-43453 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: fix ...

NVD CVE-2026-43453 29d ago

HIGH

CVE-2026-43450 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_cthelper: ...

NVD CVE-2026-43450 29d ago

Prev Page 33 / 44 Next

INFO rss:darkreading Wed, 13 May 2026 21:09:20 UTC

Attackers Weaponize RubyGems for Data Dead Drops

https://www.darkreading.com/application-security/attackers-weaponize-rubygems-data-dead-drops

TL;DR

Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.

breachesmalwarethreat-actorssupply-chain

Read full story ↗