Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for…
Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor
A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The…
Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypass appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access
NVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8,…
Old Breaches Resold as New Corporate Data Leaks
Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources toward investigating claims…
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and…
Firefox 151 packs big privacy upgrades into a small update
Firefox 151 adds major privacy improvements and fixes high-priority security vulnerabilities, making this an update you shouldn’t ignore. This article has been indexed from Malwarebytes Read the original article: Firefox 151 packs big privacy upgrades into a small update
According to Sophos 71% of orgs hit by identity breaches
More than seven in ten organizations suffered identity-related breaches over the past year, according to Sophos’s State of Identity Security 2026 survey. This article has been indexed from CyberMaterial Read the original article: According to Sophos 71% of orgs hit…
NIST PNT Framework Strengthens GPS Interference Defenses
The National Institute of Standards and Technology has published a new framework addressing vulnerabilities in Positioning, Navigation, and Timing systems, with particular focus on strengthening defenses against GPS interference. This article has been indexed from CyberMaterial Read the original article:…
Indiana launches military-aligned cybersecurity pathway
Indiana will launch a first-of-its-kind military-aligned cybersecurity education pathway in June 2025, connecting high school students with advanced coursework, industry experience, and direct mentorship from the Indiana National Guard. This article has been indexed from CyberMaterial Read the original article:…
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence…
OtterCookie RAT Steals Dev Secrets and Cloud Credentials
A newly discovered malware strain called OtterCookie is targeting software developers with sophisticated credential theft capabilities, according to recent analysis from security researchers. This article has been indexed from CyberMaterial Read the original article: OtterCookie RAT Steals Dev Secrets and…
Crafted JPEGs Trigger PHP Memory Bugs
Critical memory corruption vulnerabilities have been identified in PHP’s core ext/standard extension, specifically affecting how the widely deployed programming language processes JPEG image files. This article has been indexed from CyberMaterial Read the original article: Crafted JPEGs Trigger PHP Memory…
Tulane University Data Breach Investigation
Tulane University has confirmed a significant data breach involving its HR systems after attackers exploited a zero-day vulnerability in Oracle’s E-Business Suite on August 10, 2025. This article has been indexed from CyberMaterial Read the original article: Tulane University Data…
Baidam and AUSCERT sign MOU for cybersecurity collaboration
Australian cybersecurity organizations Baidam and AUSCERT have formalized a partnership through a Memorandum of Understanding focused on advancing cybersecurity collaboration. This article has been indexed from CyberMaterial Read the original article: Baidam and AUSCERT sign MOU for cybersecurity collaboration
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Fake Word…
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Fox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to Microsoft Threat Intelligence, the…
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government…
GraphWorm Malware Uses Microsoft OneDrive as Command-and-Control Infrastructure
A well-known China-aligned threat group has quietly evolved its attack methods, and its latest toolset reveals just how far it is willing to go to stay hidden. A backdoor called GraphWorm has surfaced as part of this group’s growing arsenal,…
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Novata uses AI to map risk across portfolios and supply chains
Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework…
ArmorCode gives security teams AI workers for exposure and remediation
ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security teams…
FBI: $388 million lost in crypto ATM scams in 2026
Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds through these machines. Cryptocurrency kiosks, popularly known as Bitcoin ATMs, are physical automated teller machines…
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research This article has been indexed from www.infosecurity-magazine.com Read the original article: China-Linked Webworm APT Evolves Tactics, Expands to European Targets