Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, security researchers report.…
Author: Cybernoz
A Malicious VS Code Extension Just Breached GitHub ‘s Internal Repositories
A malicious VS code extension just breached GitHub ‘s internal repositories Pierluigi Paganini May 20, 2026 One employee installed a trojanized VS Code extension. Result:…
The quest for greater tech independence
The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence…
How a single image takes control of a Mac
Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a…
Why some security fixes never reach your vulnerability dashboard
Notice what CVE actually does, though. It doesn’t tell anyone to patch a flaw. The flaw was a 90-minute window in which a publishing pipeline…
AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities
A finance employee joins a video call with their CFO and several colleagues. The request is routine. The faces match. The voices sound authentic. Minutes…
Tenable’s key takeaways from the Verizon DBIR (2026)
The 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while…
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since…
Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware
A financially motivated threat actor known as Fox Tempest has been operating a sophisticated malware-signing-as-a-service (MSaaS) platform that abused Microsoft’s Artifact Signing infrastructure to generate…
Securing the AI Supply Chain in the European Union
The European Union’s AI strategy is entering a new phase. What began as a commitment to “trustworthy AI,” grounded in ethics and human rights, is…
Void Botnet Leverages Ethereum for Resilient C2
A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled…
Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM
Torrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more…