A cybercrime crew running an operation now dubbed **WP-SHELLSTORM** made a costly mistake: they left their own command-and-control server exposed on the public internet for three weeks. Researchers wh
OpenAI flooded the zone yesterday — new model family, a shuttered browser, a fresh desktop superapp — but a leadership exit and an explosive copyright allegation ensured the product news didn't land c
The [Injective Labs SDK on npm has been infected with a cryptocurrency wallet stealer](https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/)
Malicious packages impersonating official SDKs for [Paysafe, Skrill, and Neteller](https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/) were publ
The day's security anchor is a Citizen Lab report confirming that a sitting MEP on the committee investigating commercial spyware was infected with Pegasus while that investigation was active. Simulta
Researchers at JFrog have identified a fresh wave of malicious npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling. The packages — `rollup-packages-po
Jamf Threat Labs has disclosed a new macOS information stealer — dubbed **PamStealer** — that tricks users into downloading a malicious compiled AppleScript (`.scpt`) file disguised as Maccy, a widely
An unpatched Kubernetes attack surface is today's lead, with a separate campaign confirming that security researchers themselves are increasingly primary targets.
Threat actors have seeded GitHub with weaponized proof-of-concept exploit repositories that silently install a Python-based remote access trojan called ChocoPoc, [according to BleepingComputer](https:
A maximum-severity vulnerability in SimpleHelp remote support software is being exploited in the wild right now, and the payload is ugly: credential-stealing malware with no patch lag between disclosu
Security researchers have documented a working attack technique in which a GitHub repository appears entirely clean — passing both automated security scans and human code review — yet executes a malic
Cybersecurity researchers have confirmed a new wave of the Miasma supply chain campaign — linked to the same threat actor behind the Mini Shai-Hulud and Hades malware families — that has [compromised
Microsoft has disclosed a newly discovered malware family dubbed **Crypto Clipper** — a self-propagating backdoor that spreads via USB drives, silently intercepts cryptocurrency transactions, and rout
Attackers have compromised ShapedPlugin's plugin update delivery infrastructure, pushing malware-laced releases directly to WordPress sites through the vendor's own official update system. [Multiple S
Three widely-deployed WordPress plugins — **PushEngage**, **OptinMonster**, and **TrustPulse** — had their JavaScript assets silently tampered with by an attacker, turning trusted plugin files into a
Attackers this week compromised more than 400 packages in the [Arch User Repository (AUR)](https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html), rewriting their `PKGBUILD` scripts
A new supply chain campaign called **Shai-Hulud** has compromised 19 science-focused packages on the Python Package Index, [according to BleepingComputer](https://www.bleepingcomputer.com/news/securit
Active nation-state threat activity just expanded its reach. Volexity has attributed a new campaign to **VerdantBamboo**, a China-nexus cyber espionage group, now deploying three malware families agai
A self-replicating worm called **Miasma** has been confirmed active inside Microsoft's GitHub presence, hitting 73 repositories across four organizations: **Azure**, **Azure-Samples**, **Microsoft**,
A Chinese-speaking threat actor has expanded operations into Europe, deploying a previously undocumented remote access trojan called Atlas alongside an additional backdoor component, according to [Ble
A large-scale malware campaign called **WeedHack** has compromised more than 116,000 systems running Minecraft since January 2026, according to [BleepingComputer](https://www.bleepingcomputer.com/news
Russia-linked **Gamaredon** (also tracked as Armageddon, Shuckworm, UAC-0010) is [actively weaponizing CVE-2025-8088](https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html), a pa
A threat actor tracked as **DriveSurge** is actively compromising thousands of websites and injecting malicious JavaScript that delivers malware to visitors through two well-worn but effective techniq
More than 30 npm packages under Red Hat's `@redhat-cloud-services` namespace were compromised in a confirmed supply-chain attack, [per BleepingComputer](https://www.bleepingcomputer.com/news/security/
A supply chain attack campaign dubbed **Miasma** has compromised dozens of packages published under Red Hat's official `@redhat-cloud-services` npm organization, injecting a credential-stealing, self-
Dutch authorities — the National Police (*Politie*) and the National Cyber Security Center (NCSC) — have [announced the takedown of a large-scale botnet](https://thehackernews.com/2026/05/dutch-author
Dutch authorities have [taken offline a massive botnet comprising 17 million infected devices](https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infecte
Anthropic today sealed a $65 billion round at a valuation approaching a trillion dollars and confirmed its most capable models are coming to the public — while Blue Origin's New Glenn rocket turned a
Between March and April 2026, the North Korean state-sponsored group Kimsuky (also tracked as Velvet Chollima) [ran a targeted campaign](https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expan
A previously unknown threat actor, tracked as **JINX-0164**, is running an active campaign against cryptocurrency organizations — using fake recruitment outreach to deliver custom macOS malware with t
Threat actors are running a coordinated cryptojacking campaign that has found a novel distribution channel: poisoning search engine results and manipulating AI chatbot responses to steer victims towar
Security researchers at OX Security have [identified a malicious package on the npm registry](https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html) named **`mouse5212-super-fo
A credential-stealing malware campaign is actively targeting Laravel developers through a supply chain attack on the **Laravel Lang** family of localization packages. According to [BleepingComputer](h