Automated Megalodon campaign pushed 5,718 malicious commits to GitHub repos on May 18, injecting CI/CD workflows that exfiltrate cloud credentials, SSH keys, and secrets. SafeDep links it to TeamPCP.
Attackers compromised 700+ versions of Laravel-Lang PHP packages via tag poisoning, deploying a sophisticated stealer targeting cloud credentials, crypto wallets, and browser data. Packagist pulled affected versions.
CVE-2026-23918 in Apache HTTP Server 2.4.66 lets attackers crash workers trivially or achieve remote code execution through a double-free in mod_http2. Upgrade to 2.4.67 immediately.
Ubiquiti releases emergency patches for three maximum-severity vulnerabilities in UniFi OS that allow unauthenticated remote attackers to take full control of network appliances. 100,000 devices exposed.
Canadian authorities arrest 23-year-old Jacob Butler for operating the KimWolf IoT botnet. The DDoS-for-hire operation enslaved nearly 2 million devices and set volumetric attack records.
China-linked Calypso group targets telecoms across Middle East and Asia Pacific with new Linux and Windows malware. Showboat provides SOCKS5 proxy access; JFMBackdoor enables full system control.
Leaked Shai-Hulud malware source code fuels new npm supply chain attack. Four malicious packages steal credentials and deploy DDoS bot with TCP/UDP flood capabilities.
Cisco patches CVE-2026-20223, a maximum-severity REST API vulnerability in Secure Workload enabling unauthenticated attackers to gain Site Admin privileges across tenants.
A Chromium bug reported in 2022 that turns browsers into silent botnets was accidentally exposed on Google's issue tracker. No patch exists despite 'fixed' status.
ESET exposes Webworm's EchoCreep and GraphWorm backdoors targeting European governments. The China-aligned APT uses Discord and OneDrive for C2, hitting Belgium, Italy, Poland, and Spain.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.