tokens

March 21, 2026

Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials

Ahighly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered…
Read More »
March 19, 2026

Pyronut Package Backdoors Telegram Bots With RCE

Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both…
Read More »
March 18, 2026

Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks

Apple released emergency security patches to address a critical WebKit flaw currently exposing iPhone, iPad, and Mac users to sophisticated…
Read More »
March 18, 2026

ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos

ForceMemo represents an active campaign targeting GitHub accounts and Python repositories, leveraging force-pushed commits to silently implant malware. Utilizing GlassWorm’s…
Read More »
March 17, 2026

GitGuardian Reports 81% Surge in AI-Service Leaks on GitHub

In 2025, Developer Commits Using Claude Code Show 3.2% Secret Leak Rate vs. 1.5% Baseline. The Human Factor Remains Critical…
Read More »
March 16, 2026

Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories

Zach Rice, the original creator of the widely popular secret scanning tool Gitleaks, has officially launched its successor, Betterleaks. Sponsored…
Read More »
March 14, 2026

GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies

The GlassWorm malware campaign has advanced significantly, escalating its attacks on software developers. Instead of embedding malware directly into initial…
Read More »
March 12, 2026

New ClickFix Attacks Target macOS Users with MacSync Infostealer

A new wave of ClickFix campaigns are targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in…
Read More »
March 11, 2026

UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours

Attackers turned a routine NPM update into a direct path to full AWS administrator access in under 72 hours, highlighting…
Read More »
March 9, 2026

Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets

Hackers are leveraging a counterfeit CleanMyMac download site to deploy SHub Stealer on macOS users, a potent infostealer that compromises…
Read More »
March 9, 2026

BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data

A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free…
Read More »
March 9, 2026

Nginx UI Vulnerabilities Let Attackers Download Full System Backups

A critical security flaw has been identified in Nginx UI that permits unauthorized threat actors to download and decrypt entire…
Read More »
March 4, 2026

AI Accelerates High-Velocity Cyber Attacks

Cyberattacks are shifting from “breaking in” to simply “logging in,” with AI now automating high-speed operations that overwhelm human defenders.…
Read More »
March 4, 2026

AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks

Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning…
Read More »
March 3, 2026

New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security

A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker…
Read More »
December 23, 2025

Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit

The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting…
Read More »
December 22, 2025

Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation

Microsoft has recently patched a critical vulnerability in its Brokering File System (BFS) driver, which could have allowed attackers to…
Read More »
December 16, 2025

PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers

A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours…
Read More »
December 6, 2025

Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data

A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket…
Read More »
December 5, 2025

Corporate Users 3x More Likely Targeted by Phishing Than Malware – SpyCloud Report

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures.…
Read More »

Previous page Next page