Latest IntelligencePage 65
Search by keyword →
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A large-scale software supply-chain attack involving the "Shai-Hulud" malware has compromised hundreds of packages across open-source software ecosystems. [...]...
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Fi...
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem....
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterp...
MistralAI PyPI Package Compromised to Inject Malicious Code – Microsoft Warns
A popular AI development library has been turned into a weapon. The mistralai PyPI package, version 2.4.6, was found to contain malicious code secretly injected...
Signal rolls out new protections against impersonation attacks
Signal has announced a new set of in-app protections designed to help users identify phishing attempts and social engineering scams on the encrypted messaging p...
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. The post Is The SO...
New ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packages
A rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Com...
Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data
Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-per...
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Suppl...
Instructure reaches 'agreement' with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion grou...
Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate...
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notoriou...
TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the i...
PoC Exploit Released for Android 0-Click Vulnerability that Enables Remote Shell Access
Google’s May 2026 Android Security Bulletin has revealed a critical zero-click vulnerability in the core Android System. The CVE-2026-0073 flaw in Android...
PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access
In a chilling blow to mobile security, Google’s May 2026 Android Security Bulletin has unmasked a catastrophic zero-click vulnerability lurking within the...
TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps
A dangerous Android banking malware known as TrickMo has resurfaced with a powerful new variant, and this time it is more stealthy, more capable, and harder to ...
OpenAI Daybreak Automates Vulnerability Detection and Fixing
OpenAI has introduced Daybreak, a strategic initiative to change how modern software is built and defended against emerging threats. Moving away from traditiona...
OpenAI Daybreak Automates Detects and Fix Vulnerabilities Automatically
OpenAI has introduced Daybreak, a strategic initiative to change how modern software is built and defended against emerging threats. Moving away from traditiona...
New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt...