2171 items
Unread (2161) All Dismissed
HIGH
CVE-2026-43449 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bound...
NVD CVE-2026-43449 29d ago
HIGH
CVE-2026-43440 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on se...
NVD CVE-2026-43440 29d ago
HIGH
CVE-2026-43427 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reorde...
NVD CVE-2026-43427 29d ago
HIGH
CVE-2026-43426 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-aft...
NVD CVE-2026-43426 29d ago
HIGH
CVE-2026-43388 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_contr...
NVD CVE-2026-43388 29d ago
HIGH
CVE-2026-43386 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potenti...
NVD CVE-2026-43386 29d ago
HIGH
CVE-2026-43380 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix s...
NVD CVE-2026-43380 29d ago
HIGH
CVE-2026-43378 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free...
NVD CVE-2026-43378 29d ago
HIGH
CVE-2026-43328 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double f...
NVD CVE-2026-43328 29d ago
HIGH
CVE-2026-41900 (CVSS 8.8) — OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3...
NVD CVE-2026-41900 30d ago
INFO
Canvas Breach Disrupts Schools & Colleges Nationwide
Krebs breachesthreat-actors 30d ago
MEDIUM
CVE-2026-8112 (CVSS 6.3) — A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affect...
NVD CVE-2026-8112 30d ago
MEDIUM
CVE-2026-41691 (CVSS 6.5) — Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that a...
NVD CVE-2026-41691 30d ago
HIGH
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
The Hacker News supply-chainbreachesmalware +3 26d ago
INFO
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
rss:darkreading 30d ago
INFO
GitHub Confirms Hack Impacting 3,800 Internal Repositories
SecurityWeek 18d ago
INFO
The Hackers Behind Shai-Hulud: Lucky or Skilled?
rss:darkreading 11d ago
INFO
Has CISA Finally Found Its New Leader in Tom Parker?
rss:darkreading breachesmalwarethreat-actors 30d ago
INFO
'TrustFall' Convention Exposes Claude Code Execution Risk
rss:darkreading breachesmalwarethreat-actors 31d ago
INFO
AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems
rss:darkreading breachesmalwarethreat-actors 31d ago
HIGH
CVE-2026-42010 (CVSS 7.1) — A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key)...
NVD CVE-2026-42010 31d ago
INFO
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
rss:unit42 CVE-2026-0300threat-actorsmalware 31d ago
INFO
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
The Hacker News supply-chainbreachesmalware +19 1d ago
INFO
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading 31d ago
INFO
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News 25d ago
INFO
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero 25d ago
INFO
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek 17d ago
INFO
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer 16d ago
INFO
Google API Keys Remain Active After Deletion
rss:darkreading 16d ago
INFO
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News 11d ago
INFO
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek 10d ago
INFO
US charges Google security engineer with Polymarket insider trading
BleepingComputer 9d ago
INFO
Google Chrome adds session cookie theft protection for all users
BleepingComputer 9d ago
INFO
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News 6d ago
INFO
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer 5d ago
INFO
Google adds Android protection against AI deepfake scam calls
BleepingComputer 4d ago
INFO
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading 4d ago
INFO
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News 3d ago
INFO
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News 3d ago
INFO
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News 3d ago
INFO
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News 3d ago
INFO
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek 3d ago
INFO
Hackers Leak DentaQuest Information Impacting 2.6 Million
SecurityWeek breachesransomwaresupply-chain +11 2d ago
INFO
Instructure Breach Exposes Schools' Vendor Dependence
rss:darkreading 31d ago
INFO
ShinyHunters Claims Second Attack Against Instructure
rss:darkreading 29d ago
INFO
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
The Hacker News 26d ago
INFO
Congress Puts Heat on Instructure After Canvas Outage
rss:darkreading 22d ago
INFO
7-Eleven confirms breach after ShinyHunters claims
The Record 17d ago
INFO
7-Eleven data breach exposes personal information of 185,000 people
BleepingComputer 12d ago
INFO
185,000 Likely Impacted by 7-Eleven Data Breach
SecurityWeek 12d ago
INFO
Charter confirms data breach after ShinyHunters extortion threat
BleepingComputer 11d ago
INFO
Carnival Cruise confirms data breach affecting nearly 6 million people
BleepingComputer 10d ago
INFO
Charter Communications data breach affects 4.9 million accounts
BleepingComputer 9d ago
INFO
Charter Communications Data Breach Could Impact Nearly 5 Million
SecurityWeek 8d ago
HIGH
CVE-2026-43281 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds ...
NVD CVE-2026-43281 32d ago
INFO
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
rss:darkreading breachesmalwarethreat-actors 32d ago
INFO
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
rss:darkreading breachesmalwarethreat-actors 32d ago
INFO
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
The Hacker News supply-chainbreachesmalware +10 3d ago
INFO
Middle East Cyber Battle Field Broadens — Especially in UAE
rss:darkreading 32d ago
INFO
Cyber Resilience is the New Business Continuity Plan
SecurityWeek 19d ago
INFO
Windows Zero-Day Barrage Continues After Patch Tuesday
rss:darkreading 18d ago
INFO
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer 17d ago
INFO
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
SecurityWeek 13d ago
INFO
Iranian APT Targets Aviation, Software Companies With Updated Tools
SecurityWeek 11d ago
INFO
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Hacker News 11d ago
INFO
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
The Hacker News 9d ago
INFO
Global Stock Exchange Hit by Monthslong Email Campaign
rss:darkreading 4d ago
INFO
What 345 Days of Untested Exposure Looks Like at a Bank
BleepingComputer 3d ago
MEDIUM
CVE-2026-7573 (CVSS 5) — An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor be...
NVD CVE-2026-7573 32d ago
INFO
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
rss:unit42 CVE-2026-31431threat-actorsmalware 32d ago
INFO
Trellix Source Code Breach Highlights Growing Supply Chain Threats
rss:darkreading breachesmalwarethreat-actors 32d ago
HIGH
CVE-2026-43059 (CVSS 0) — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corru...
NVD CVE-2026-43059 32d ago
MEDIUM
CVE-2026-34002 (CVSS 6.1) — A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (...
NVD CVE-2026-34002 32d ago
MEDIUM
CVE-2026-34000 (CVSS 6.1) — A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry pr...
NVD CVE-2026-34000 32d ago
HIGH
CVE-2026-43616 (CVSS 7.1) — Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write ...
NVD CVE-2026-43616 33d ago
CRITICAL
CVE-2026-42796 (CVSS 9.8) — Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/c...
NVD CVE-2026-42796 33d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 18d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 36d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 26d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 23d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 20d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 20d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 19d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 19d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 18d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 13d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 9d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 5d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 5d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 5d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 2d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 2d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 1d ago
INFO
Essential Data Sources for Detection Beyond the Endpoint
rss:unit42 threat-actorsmalwarenation-state 36d ago
HIGH
CVE-2026-37540 (CVSS 8.4) — OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. ...
NVD CVE-2026-37540 36d ago
HIGH
CVE-2026-43052 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag...
NVD CVE-2026-43052 36d ago
HIGH
CVE-2026-31702 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi...
NVD CVE-2026-31702CVE-2026-23234 36d ago
HIGH
CVE-2026-31696 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation o...
NVD CVE-2026-31696 36d ago
HIGH
CVE-2026-43001 (CVSS 7.9) — An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate t...
NVD CVE-2026-43001 37d ago
INFO
That AI Extension Helping You Write Emails? It’s Reading Them First
rss:unit42 threat-actorsmalwarenation-state 37d ago
MEDIUM
CVE-2026-3833 (CVSS 6.5) — A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive compari...
NVD CVE-2026-3833 37d ago
HIGH
CVE-2026-33845 (CVSS 7.5) — A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero off...
NVD CVE-2026-33845 37d ago
INFO
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
Krebs breachesthreat-actors 37d ago
HIGH
CVE-2026-5781 (CVSS 8.8) — An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/updat...
NVD CVE-2026-5781 40d ago
HIGH
CVE-2026-3087 (CVSS 7.5) — If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive...
NVD CVE-2026-3087 40d ago
HIGH
CVE-2026-31686 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for k...
NVD CVE-2026-31686 40d ago
MEDIUM
CVE-2026-40514 (CVSS 5.9) — SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email...
NVD CVE-2026-40514 40d ago
HIGH
CVE-2026-32688 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows...
NVD CVE-2026-32688 40d ago
HIGH
CVE-2026-7101 (CVSS 8.8) — A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of ...
NVD CVE-2026-7101 41d ago
HIGH The Hacker News Tue, 12 May 2026 11:46:00 UTC
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
TL;DR AI
Here is the summary: **What happened:** A security threat actor, TeamPCP, has compromised a series of popular packages, including TanStack, UiPath, Mistral AI, and Guardrails AI, by injecting malware into the npm and PyPI package distribution channels. The malware, disguised as "router_init.js", exfiltrates sensitive data from users' devices, including cloud providers, cryptocurrency wallets, and AI tools. **Who was affected:** The compromised packages are part of a recent wave of supply chain attacks, and 42 packages and 84 versions are impacted across the TanStack ecosystem. **Why it matters:** The exploit has been assigned a CVE-2026-45321 and carries a CVSS score of 9.6, indicating critical severity, making it a significant threat to users' data and security.
supply-chainbreachesmalware
Read full story ↗
Related coverage (3)
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
rss:darkreading 30d ago
GitHub Confirms Hack Impacting 3,800 Internal Repositories
SecurityWeek 18d ago
The Hackers Behind Shai-Hulud: Lucky or Skilled?
rss:darkreading 11d ago