npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain,…
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain,…
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Pierluigi Paganini May 23, 2026 Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082…
The vulnerability stems from a race condition between the code ChromaDB uses to parse embedding model references and the code it uses to perform an…
Spyware attacks on journalists, human rights defenders, and political dissidents are no longer rare or exotic. In early 2025, WhatsApp notified roughly 90 users —…
This post, as is the norm for emerging threats, is a developing article and may be subject to change as the Huntress team learns more…
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. Unlike…
A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that…
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to…
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion…
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a…
Why pure extortion is replacing traditional ransomware Pierluigi Paganini May 23, 2026 Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data,…