npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks Software Supply Chain / DevSecOpsGitHub has rolled out new controls for npm to improve the securit... 2026-5-23 16:35:10 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com publishing staged github approve installs

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including... 2026-5-23 16:7:51 | 阅读: 23 | 收藏 | The Hacker News - thehackernews.com github malicious payload network php

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software Artificial Intelligence / VulnerabilityAnthropic on Friday disclosed that Project Glasswing has he... 2026-5-23 11:55:35 | 阅读: 71 | 收藏 | The Hacker News - thehackernews.com security software anthropic mythos

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer Supply Chain Attack / MalwareCybersecurity researchers have flagged a fresh software supply chain... 2026-5-23 09:51:13 | 阅读: 37 | 收藏 | The Hacker News - thehackernews.com php payload windows stealer microsoft

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root Vulnerability / Web SecurityA maximum-severity security vulnerability impacting LiteSpeed User-End... 2026-5-23 07:35:13 | 阅读: 52 | 收藏 | The Hacker News - thehackernews.com cpanel litespeed whm security 2026

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV Vulnerability / Website SecurityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) h... 2026-5-23 07:23:48 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com drupal security 2026 exploited injection

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups Authorities in Europe and North America have announced the dismantling of a criminal virtual priv... 2026-5-22 17:35:2 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com offered ransomware 1vpns ukraine network

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware Malware / Artificial IntelligenceThe Belarus-aligned threat actor known as Ghostwriter (aka UAC-00... 2026-5-22 16:20:32 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com oysterblues council bluesky hijacked artificial

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that... 2026-5-22 11:55:24 | 阅读: 40 | 收藏 | The Hacker News - thehackernews.com github polymarket attacker teampcp cloud

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective 1 IntroductionThis article provides a technical analysis of how many Windows kernel mode drivers... 2026-5-22 11:38:12 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com hardware mj pnp adddevice gmlxdfltr

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks Cybercrime / Law EnforcementThe U.S. Department of Justice (DoJ) on Thursday announced the arrest... 2026-5-22 08:50:18 | 阅读: 32 | 收藏 | The Hacker News - thehackernews.com kimwolf butler doj aisuru dort

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV Vulnerability / Cyber AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Th... 2026-5-22 05:47:33 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com 2026 apex security attacker

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access Vulnerability / Network SecurityCisco has rolled out updates for a maximum-severity security flaw... 2026-5-22 05:36:18 | 阅读: 30 | 收藏 | The Hacker News - thehackernews.com workload security attacker exploited

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor Cyber Espionage / Threat IntelligenceCybersecurity researchers have disclosed details of a new Lin... 2026-5-21 14:17:9 | 阅读: 34 | 收藏 | The Hacker News - thehackernews.com showboat c2 security afghanistan

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories This week starts small.A token leaks. A bad package slips in. A login trick works. An old tool shows... 2026-5-21 11:52:14 | 阅读: 35 | 收藏 | The Hacker News - thehackernews.com 2026 security malicious github microsoft

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities Endpoint Security / VulnerabilityMicrosoft has disclosed that a privilege escalation and a denial-... 2026-5-21 10:55:57 | 阅读: 29 | 收藏 | The Hacker News - thehackernews.com microsoft defender attackers remote 2026

When Identity is the Attack Path Identity Security / AI SecurityConsider a cached access key on a single Windows machine. It got th... 2026-5-21 10:30:0 | 阅读: 27 | 收藏 | The Hacker News - thehackernews.com attacker cloud security exposures exposure

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remain... 2026-5-21 07:35:53 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com rds ssh qualys zerocopy zcopy

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension Supply Chain Attack / Developer ToolsGitHub on Wednesday officially confirmed that the breach of i... 2026-5-21 04:27:1 | 阅读: 24 | 收藏 | The Hacker News - thehackernews.com github security nx developer teampcp

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks Web Security / VulnerabilityDrupal has released security updates for a "highly critical" security... 2026-5-21 03:44:11 | 阅读: 32 | 收藏 | The Hacker News - thehackernews.com drupal security unsupported exploited remote