tokens
-
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised…
Read More » -
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Anthropic’s flagship AI coding agent, Claude Code, contains a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability…
Read More » -
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been…
Read More » -
Top 10 Best Identity And Access Management (IAM) Companies 2026
In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become…
Read More » -
Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
Hackers are escalating from basic social engineering to comprehensive data theft operations, with the newly identified Venom Stealer malware exemplifying…
Read More » -
OpenSSH 10.3 Released With Patch for Shell Injection and Other Security Bugs
The OpenSSH project has released version 10.3 alongside its portable version 10.3p1. This major update followed a brief testing phase…
Read More » -
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Microsoft hasdetailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure…
Read More » -
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and…
Read More » -
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor hijacked the popular Axios NPM package in a high‑impact software supply chain attack, deploying a…
Read More » -
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather…
Read More » -
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit has been discovered by researchers on an exposed server, revealing victim credentials, ngrok tokens,…
Read More » -
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, faced a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, exploited prior…
Read More » -
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research highlights how infostealer malware can rapidly convert a single careless click into full credential exposure on dark web…
Read More » -
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure Disruption
Tycoon 2FAoperators have restarted large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core…
Read More » -
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
A newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed…
Read More » -
MioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIs
As Apple’s macOS footprint grows in both consumer and enterprise environments, dedicated infostealers like MioLab (aka Nova) demonstrate that Macs…
Read More » -
SEO Poisoning Campaign Uses Fake Popular Apps to Deliver AsyncRAT
An ongoing SEO poisoning campaign abuses search results to trick users into downloading trojanized installers for more than 25 popular…
Read More » -
AstraZeneca Data Breach Allegedly Claimed by LAPSUS$ as Internal Data Access Reported
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical…
Read More »