2141 items
Unread (2131) All Dismissed
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 17d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 35d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 24d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 18d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 18d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 18d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 16d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 7d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 3d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 12h ago
INFO
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
The Hacker News supply-chainbreachesmalware 3d ago
INFO
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads
SecurityWeek breachesransomwaresupply-chain +1 3d ago
INFO
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
The Hacker News 4d ago
INFO
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
SecurityWeek breachesransomwaresupply-chain 3d ago
CRITICAL
CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...
NVD CVE-2026-8206 +1 4d ago
INFO
Critical Kirki flaw exploited to hijack WordPress admin accounts
BleepingComputer 3d ago
CRITICAL
CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability (Linux Kernel)
CISA KEV CVE-2022-0492actively-exploited +1 4d ago
HIGH
CVE-2022-0492 (CVSS 7.8) — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgro...
NVD 1555d ago
CRITICAL
CVE-2025-48595: Android Framework Integer Overflow Vulnerability (Android Framework)
CISA KEV CVE-2025-48595actively-exploited +2 4d ago
INFO
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
SecurityWeek 3d ago
INFO
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
The Hacker News 3d ago
HIGH
CVE-2026-24782 (CVSS 7.6) — Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilit...
NVD CVE-2026-24782 4d ago
INFO
Spain arrests suspected hacker for publishing personal data of police, prosecutors and cyber officials
The Record breachesransomwarenation-state 4d ago
HIGH
CVE-2025-32348 (CVSS 7.8) — In multiple locations, there is a possible background activity launch due to a missing permission ch...
NVD CVE-2025-32348 4d ago
HIGH
CVE-2025-22424 (CVSS 7.8) — In multiple locations, there is a possible way to reveal images across users due to improper input v...
NVD CVE-2025-22424 4d ago
CRITICAL
CVE-2018-25427 (CVSS 9.8) — Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to ...
NVD CVE-2018-25427 4d ago
INFO
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
BleepingComputer breachesransomwaresupply-chain 4d ago
INFO
Spain arrests doxer leaking sensitive data of govt employees
BleepingComputer breachesransomwaresupply-chain 4d ago
INFO
Anthropic to Open Mythos AI to EU's ENISA
rss:darkreading breachesmalwarethreat-actors 4d ago
INFO
Inspector general finds NIST mistakes have made vulnerability database ineffective
The Record breachesransomwarenation-state 4d ago
HIGH
CVE-2026-9330 (CVSS 8.5) — IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied...
NVD CVE-2026-9330 4d ago
CRITICAL
CVE-2026-9319 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due t...
NVD CVE-2026-9319 4d ago
CRITICAL
CVE-2026-9311 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the b...
NVD CVE-2026-9311 4d ago
CRITICAL
CVE-2026-8644 (CVSS 9.1) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
NVD CVE-2026-8644 4d ago
HIGH
CVE-2026-47294 (CVSS 8) — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex...
NVD CVE-2026-47294 4d ago
MEDIUM
CVE-2026-45284 (CVSS 4.6) — Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4...
NVD CVE-2026-45284 4d ago
CRITICAL
CVE-2026-22872 (CVSS 9.1) — Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs wi...
NVD CVE-2026-22872 4d ago
HIGH
CVE-2026-0072 (CVSS 7.8) — In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a mi...
NVD CVE-2026-0072 4d ago
HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer breachesransomwaresupply-chain +47 16d ago
INFO
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 23d ago
INFO
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 23d ago
HIGH
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 22d ago
INFO
Zero-Day Exploit Against Windows BitLocker
rss:schneier 18d ago
INFO
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 17d ago
INFO
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 17d ago
INFO
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 17d ago
HIGH
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
SecurityWeek 17d ago
INFO
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 17d ago
HIGH
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 17d ago
INFO
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 16d ago
INFO
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 16d ago
INFO
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
SecurityWeek 16d ago
INFO
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 16d ago
INFO
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 15d ago
INFO
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 15d ago
INFO
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 14d ago
INFO
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 14d ago
INFO
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 11d ago
INFO
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 10d ago
INFO
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
SecurityWeek 10d ago
INFO
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 10d ago
INFO
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 10d ago
INFO
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 9d ago
INFO
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 9d ago
INFO
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 4d ago
INFO
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 4d ago
INFO
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 4d ago
INFO
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 4d ago
INFO
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 4d ago
INFO
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 4d ago
INFO
Microsoft Threatening Security Researcher
rss:schneier 3d ago
INFO
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 3d ago
INFO
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 3d ago
INFO
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 3d ago
INFO
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 3d ago
INFO
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 2d ago
INFO
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 2d ago
INFO
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 2d ago
INFO
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 2d ago
INFO
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 2d ago
INFO
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 1d ago
INFO
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 1d ago
INFO
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 1d ago
INFO
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 1d ago
INFO
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 17h ago
INFO
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 11h ago
INFO
NSA selects new leads for key cybersecurity posts
The Record breachesransomwarenation-state 4d ago
CRITICAL
CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...
NVD CVE-2026-8732 +1 7d ago
INFO
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
SecurityWeek 4d ago
INFO
Dashlane password manager users locked out by brute force attacks
BleepingComputer breachesransomwaresupply-chain 4d ago
INFO
Dutch Police Dismantle Massive 17-Million-Device Botnet
SecurityWeek breachesransomwaresupply-chain +2 4d ago
INFO
Dutch govt disrupts malware botnet with 17 million infected devices
BleepingComputer 7d ago
INFO
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
The Hacker News 5d ago
INFO
Hacking Meta’s AI Chatbot
rss:schneier analysispolicy +4 1d ago
INFO
Tech giants promise British regulator they will tweak platforms to protect kids online
The Record 15d ago
INFO
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
Krebs 4d ago
INFO
Meta AI Hands Over High-Profile Instagram Accounts to Hackers
SecurityWeek 3d ago
INFO
Instagram users locked out after Meta AI abused to steal accounts
BleepingComputer 3d ago
HIGH
CVE-2026-10270 (CVSS 8.8) — A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprin...
NVD CVE-2026-10270 4d ago
INFO
WordPress malware campaign hides payloads in Steam profiles
BleepingComputer breachesransomwaresupply-chain 4d ago
INFO
Vulnerability Disclosure in the Age of AI
rss:schneier analysispolicy 4d ago
HIGH
CVE-2026-10263 (CVSS 7.3) — A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affect...
NVD CVE-2026-10263 4d ago
HIGH
CVE-2026-10262 (CVSS 7.3) — A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown fun...
NVD CVE-2026-10262 4d ago
HIGH
CVE-2026-10261 (CVSS 7.3) — A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the fi...
NVD CVE-2026-10261 4d ago
HIGH
CVE-2026-10260 (CVSS 7.3) — A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown ...
NVD CVE-2026-10260 4d ago
HIGH
CVE-2026-10259 (CVSS 8.8) — A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is th...
NVD CVE-2026-10259 4d ago
INFO
Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs
SecurityWeek CVE-2026-41089breachesransomware 4d ago
INFO
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
rss:darkreading breachesmalwarethreat-actors 4d ago
INFO
Race Against Time: Why Faster Vulnerability Alerts Matter
BleepingComputer breachesransomwaresupply-chain 4d ago
INFO
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
The Hacker News supply-chainbreachesmalware 4d ago
HIGH
CVE-2026-10253 (CVSS 7.3) — A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown...
NVD CVE-2026-10253 4d ago
HIGH
CVE-2026-10252 (CVSS 7.3) — A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affe...
NVD CVE-2026-10252 4d ago
HIGH
CVE-2026-10251 (CVSS 7.3) — A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element ...
NVD CVE-2026-10251 4d ago
INFO
Dragos Acquires xIoT Security Firm Phosphorus
SecurityWeek breachesransomwaresupply-chain 4d ago
HIGH The Hacker News Wed, 20 May 2026 05:12:06 UTC
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html
TL;DR AI
Here is a 2-3 sentence summary of the article: Grafana Labs, a security analyst assistant, was breached in a supply chain attack orchestrated by TeamPCP, which accessed the organization's GitHub repository, exposing its source code and other internal data. The attack occurred on May 11, 2026, and the company has since taken steps to mitigate the breach, including rotating GitHub workflow tokens and implementing enhanced monitoring. The attack may have been an attempt to extort data from Grafana Labs, which posted the stolen data on the dark web, and may be linked to a separate incident involving CoinbaseCartel.
supply-chainbreachesmalware
Read full story ↗
Related coverage (16)
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 35d ago
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 24d ago
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 18d ago
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 18d ago
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 18d ago
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 16d ago
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 7d ago
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 3d ago
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 12h ago