Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven…
Category: CyberSecurityNews
Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version…
Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation…
Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with…
North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically spreading malicious…
ByteToBreach Cybercriminal Selling Sensitive Global Data from Airlines, Banks, and Governments
A cybercriminal operating under the alias ByteToBreach has emerged as a notable threat actor in the underground market, actively selling and leaking sensitive data from…
Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035,…
Malicious Chrome Extension Silently Steal and Injects Hidden SOL Fees Into Solana Swaps
A new threat has emerged in the Solana trading community. Security researchers have discovered a malicious Chrome extension named Crypto Copilot that appears to offer…
Threat Actors Leverage Fake Update Lures to Deliver SocGholish Malware
Threat actors continue to exploit a dangerous vulnerability in user behavior by deploying fake software updates to deliver the SocGholish malware. This malware delivery framework…
OpenAI Discloses Mixpanel Data Breach
The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API…
Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads
Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent security…
Hackers Tricks macOS Users to Execute Command in Terminal to Deliver FlexibleFerret Malware
Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called…