Cybersecurity

A new malicious npm package, "mouse5212-super-formatter," steals files from the Claude AI tool's dedicated upload directory.The malware uploads stolen data to a threat actor-controlled...

Major cybersecurity firms CrowdStrike, Google, and Shadowserver Foundation disrupted a persistent developer-targeting botnet named GlassWorm on May 27, 2026.The botnet used trojanized VS Code...

The Indian Computer Emergency Response Team (CERT-In) mandates a 12-hour patch deadline for critical vulnerabilities where feasible.The directive responds to threat actors increasingly using...

A critical vulnerability (CVE-2026-5426) in the Japanese LMS Digital Knowledge KnowledgeDeliver allowed unauthenticated remote code execution.Attackers exploited this flaw as a zero-day to deploy...

A critical SQL injection flaw (CVE-2026-26980) in Ghost CMS is being actively exploited to hijack website articles.Attackers have compromised over 700 legitimate websites across...

A coordinated supply chain attack, codenamed TrapDoor, has deployed malware across three major developer platforms: npm, PyPI, and Crates.io.The campaign targets crypto, DeFi, Solana,...

GitHub has introduced mandatory two-factor approval for npm package releases to combat software supply chain attacks.A new "staged publishing" feature requires human maintainers to...

A criminal VPN service used by at least 25 ransomware groups was dismantled in a May 2026 global operation.The service, First VPN, advertised anonymity...