Bitwarden NPM Package Hit in Supply Chain Attack
The Bitwarden command-line interface (CLI) NPM package was compromised in a supply chain attack that appears tied to previous campaigns against the open source software…
Author: Cybernoz
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini April 25, 2026 U.S. Cybersecurity and Infrastructure Security Agency…
Malicious pgserve, automagik developer tools found in npm registry
In addition, she said, developers need tooling that checks whether what is published to npm actually matches what is in the source repository. “Not all…
CIS Controls Security Awareness Training
CIS Controls Security Awareness Training The CIS Controls require organizations to implement a security awareness training program as part of Control 14. Huntress’ fun security…
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler,…
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of…
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews
Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers.…
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute…
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than…
Microsoft faces court battle in £2bn Windows Server class action
A case seeking compensation for approximately 59,000 businesses and organisations using the Microsoft Windows Server operating system in non-Microsoft public clouds is going ahead. The…
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike and Tenable informed customers this week about potentially serious vulnerabilities found and patched in their products. CrowdStrike published an advisory for CVE-2026-40050, a critical…
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
Firefox uses a defense-in-depth strategy, with internal red teams applying multiple layers of “overlapping defenses” and automated analysis techniques, he explained. Teams run each website…