Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Škoda confirms unauthorized access to its online shop
Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed…
IT Security News Hourly Summary 2026-05-12 12h : 11 posts
11 posts were published in the last hour 10:3 : State-sponsored actors, better known as the friends you don’t want 10:3 : North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware 10:3 : 1 in 8 employees have sold…
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider. This article has been indexed from Cisco Talos Blog…
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted through…
1 in 8 employees have sold company logins or know someone who has
Cifas just published research that should bother anyone who runs a business, or buys from one. This article has been indexed from Malwarebytes Read the original article: 1 in 8 employees have sold company logins or know someone who has
Apple, Google drag cross-platform texting into the encrypted age
After years of stopping dead at the green bubble border, iPhone and Android users can finally send E2EE messages without relying on third-party apps This article has been indexed from www.theregister.com – Articles Read the original article: Apple, Google drag…
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitHub four days ago, revealing…
Cushman & Wakefield – 310,431 breached accounts
In May 2026, the real estate services firm Cushman & Wakefield was the target of a “pay or leak” extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the…
TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was…
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notorious Magecart group are now hiding credit card skimmers inside Google Tag…
Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate risk of total takeover. While the SOAP extension has a notorious history of memory corruption flaws, this latest…
Stolen Canvas data was “returned” after hacker agreement, Instructure says
Instructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work. This article has been indexed from Malwarebytes Read the original article: Stolen Canvas data was “returned” after hacker agreement, Instructure says
Malicious Hugging Face Repository Typosquats OpenAI
HiddenLayer reveals infostealer malware in a Hugging Face repository This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Hugging Face Repository Typosquats OpenAI
Santa Clara County Sues Meta Over Scam Ads
California county in heart of Silicon Valley sues Facebook parent, claiming it knowingly profits from ads tied to fraud schemes This article has been indexed from Silicon UK Read the original article: Santa Clara County Sues Meta Over Scam Ads
Claude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive Data
A critical vulnerability dubbed “ClaudeBleed” has compromised Anthropic’s trusted AI assistant, potentially turning it into a backdoor. This severe design flaw in the Claude Chrome extension allows malicious add-ons to hijack the AI secretly. Even extensions with zero declared permissions…
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly harder. At…
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities. How…
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The…
A.I. software flaw hackers, Forza Horizon 6 leak, Linux kernel hit again
A.I. hackers find software flaw Xbox leaks ‘Forza Horizon 6’ Linux kernel hit by 2nd flaw Get the show notes here: Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email,…
Meta Removes Full Encryption From Instagram
End-to-end encryption offering removed for Instagram direct messages, amid criticism over child safety This article has been indexed from Silicon UK Read the original article: Meta Removes Full Encryption From Instagram
Microsoft Warns: MistralAI PyPI Package Compromised with Malware
Mistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply‑chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential‑stealing payload on Linux systems. The logic is designed…
South Staffordshire Water Fined £1m After Data Breach
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings This article has been indexed from www.infosecurity-magazine.com Read the original article: South Staffordshire Water Fined £1m After Data Breach
TikTok Scales Back AI Summaries After Bizarre Results
TikTok to limit AI summaries of videos after tool creates fanciful descriptions seemingly unrelated to material in question This article has been indexed from Silicon UK Read the original article: TikTok Scales Back AI Summaries After Bizarre Results