Attackers adopted orphaned AUR packages to push credential-stealing malware with kernel-level rootkit capabilities. Here's what Arch users need to do now.
GitHub announces breaking changes for npm 12 releasing next month. Install scripts, Git dependencies, and remote URLs now require explicit approval to combat malicious packages.
11-nation operation shuts down €336M cryptocurrency laundering service. Two operators arrested in Georgia, 25 domains seized, and over 6,000 money mule accounts exposed.
BlackFog researchers detail OnyxC2 MaaS stealer pricing at $250/month. Targets browsers, crypto wallets, password managers with DLL sideloading delivery that bypasses VirusTotal detection.
ReliaQuest uncovers OP-512 threat cluster targeting Windows IIS servers with three-part web shell framework. Each deployment is unique, self-reporting, and timestamps itself to evade forensics.
Microsoft releases CVE-2026-42897 fix for Exchange Server OWA XSS vulnerability exploited since May. ESU-only updates for 2016/2019 leave many systems exposed.
CVE-2026-7473 lets attackers bypass tunnel security controls on Arista network devices. CISA added it to KEV—but Arista says patching would 'break existing configurations.'
Attackers exploited an unauthenticated API endpoint to query ServiceNow customer instances. The company received a bug report in April but didn't patch until June 5—after exploitation began.
CVE-2026-5027 allows unauthenticated attackers to write arbitrary files on Langflow servers. Patch to version 1.10.0 immediately—attackers are already exploiting exposed instances.
Oracle issues emergency patch for CVE-2026-35273 (CVSS 9.8) as ShinyHunters claims to have stolen data from 300 PeopleSoft instances. Nottingham University among confirmed victims.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.