Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini ...
SecurityWeek
20 articles
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. The post Caught Off Guard: Securing AI Afte...
Real-World ICS Security Tales From the Trenches
SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field. The post Real-World ICS Security Tale...
Virtual Event Today: Threat Detection & Incident Response Summit
The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM -4PM ET for the Threat Detectio...
GitHub Confirms Hack Impacting 3,800 Internal Repositories
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3...
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays ...
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
Drupal says attackers may develop an exploit for the vulnerability within hours or days. The post Drupal to Patch Highly Critical Vulnerability at Risk of Qu...
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrup...
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fa...
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB ...
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
The stolen credit card data was released as a free download, allegedly in response to seller misconduct. The post B1ack’s Stash Marketplace Gives Away 4.
Cyber Resilience is the New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lo...
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region. The post 201 Arrested in Crackdown on Cybercr...
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root. The post PoC Released for DirtyDecrypt Linux Kerne...
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Expo...
Millions Impacted Across Several US Healthcare Data Breaches
Several healthcare data breaches impacting hundreds of thousands and even millions were added to the HHS tracker. The post Millions Impacted Across Several U...
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. The post ‘Claw Chain’ Open...
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data. The post 7-Eleven Data Breach Con...
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Wind...
First Shai-Hulud Worm Clones Emerge
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emer...