TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
The infamous TeamPCP hacking group that besieged the open source software ecosystem several times over the past half year has released the source code of…
Month: May 2026
NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light
NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light Pierluigi Paganini May 14, 2026 Researchers found a critical…
EU’s Cyber Resiliency Act will put IT leaders to the test
Although nearly everyone in SaaS alternative Cloudsmith’s recent Artifact Management Report generates SBOMs, only a quarter do that automatically rather than manually or on demand.…
Meet Andrea Colon, Restoring Peace of Mind in a Paranoid Digital World
In this edition of our “Employee Spotlight” series, I sat down with Andrea Colon, an Account Executive who sees the human side of cyber warfare…
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The…
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how…
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through…
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still…
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but…
Bradford datacentre with heat reuse gains planning consent
Bradford is to be the site of one of the UK’s first projects to reuse waste heat from a datacentre, after operator Deep Green this week…
OpenAI Hit by TanStack Supply Chain Attack
OpenAI has disclosed the impact of the recent TanStack supply chain attack, warning that credential material was exfiltrated from internal source code repositories. The open…
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K Pierluigi Paganini May 15, 2026 Day two of Pwn2Own…