Tag: software
-
Hackers Exploit Shared CDNs to Evade Domain Reputation Filters
Hackers are increasingly abusing shared Content Delivery Network (CDN) infrastructure to bypass domain-reputation-based security controls using a newly identified technique called “Underminr.” Underminr is not a conventional software flaw but an inherent weakness in how modern CDNs handle multi-tenant traffic. CDN providers such as Cloudflare, Akamai, AWS CloudFront, and Fastly route traffic for millions of…
-
Hackers Hide Linux Malware in SSH-Like Package Filename
Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in PHP environments. This subtle placement allows the malicious code to evade detection during routine dependency…
-
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from…
-
GitHub Strengthens npm Security With Staged Publishing Protection
GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in npm CLI version 11.15.0. These updates are designed to reduce software supply chain risks, particularly those arising from compromised developer accounts, malicious package updates, and automated CI/CD workflows. GitHub Strengthens npm Security…
-
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
-
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
-
Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. Whether you are managing extensive front-end codebases or back-end API integrations, catching flaws before code is compiled is crucial. This proactive approach is the essence of Static Application Security Testing (SAST). By identifying…
-
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication…
-
Das Ende der Cybersecurity? Was Anthropics Claude Mythos Preview für Software bedeutet
First seen on t3n.de Jump to article: t3n.de/news/cybersecurity-ki-claude-mythos-preview-1742439/
-
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month.Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of…
-
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions”The timing and pattern of the newly published tags First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
-
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions”The timing and pattern of the newly published tags First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
-
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks/
-
A hacker group is poisoning open source code at an unprecedented scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/a-hacker-group-is-poisoning-open-source-code-at-an-unprecedented-scale/
-
Flipper Introduces Flipper One as a Modular Linux-Based Cyberdeck
Flipper Devices has officially unveiledFlipper One, a modular, Linux-based cyberdeck designed to push the boundaries of open hardware and portable network analysis platforms. Unlike the popular Flipper Zero, the new device targets high-performance networking, software-defined radio (SDR), and embedded Linux development, positioning itself as a powerful toolkit for cybersecurity professionals, researchers, and hardware developers. Flipper…
-
Mythos-Level AI Is Creating a Tech Debt Crisis
Advanced AI Models Find More Holes Than Enterprise Security Teams Can Plug. Artificial intelligence models such as Anthropic’s Mythos are rapidly exposing decades of hidden software security debt, forcing CIOs and CISOs to rethink vulnerability management, remediation capacity and the trade-offs between availability and breach prevention. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mythos-level-ai-creating-tech-debt-crisis-a-31750
-
7 Best Attack Surface Management Software in 2026
Efficiently manage your attack surface in 2026 with industry-leading tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/attack-surface-management-tools/
-
7 Best Attack Surface Management Software in 2026
Efficiently manage your attack surface in 2026 with industry-leading tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/attack-surface-management-tools/
-
7 Best Attack Surface Management Software in 2026
Efficiently manage your attack surface in 2026 with industry-leading tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/attack-surface-management-tools/
-
6 Best Vulnerability Management Software Systems for 2026
Compare the top vulnerability management software in 2026 to help your security team prioritize and apply fixes across your network. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/vulnerability-management-software/
-
JFrog-Report 2026: KI-Governance hinkt hinterher – Angriffe auf Software-Lieferketten explodieren
Besonders brisant ist die Entwicklung rund um KI-Agenten und automatisierte Entwicklerwerkzeuge. Viele manipulierte KI-Agenten-Skills mit gefährlichen Payloads First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-report-2026-ki-governance-hinkt-hinterher-angriffe-auf-software-lieferketten-explodieren/a45250/
-
‘Intelligent ResOps” sorgt für schnellere, präzisere und kontextsensitive Datenwiederherstellung im KI-Zeitalter
Veeam Software hat <> vorgestellt, eine neue Lösung, die auf der <> in New York City präsentiert wurde und Datenkontext und Wiederherstellung vereint. Während KI-Agenten den Wandel mit maschineller Geschwindigkeit vorantreiben, verschafft Intelligent-ResOps den Sicherheitsteams die notwendigen Einblicke in ihre Daten, um Auswirkungen schnell zu erfassen und präzise wiederherzustellen, ohne umfassende Rollbacks, wenn […] First…
-
‘Intelligent ResOps” sorgt für schnellere, präzisere und kontextsensitive Datenwiederherstellung im KI-Zeitalter
Veeam Software hat <> vorgestellt, eine neue Lösung, die auf der <> in New York City präsentiert wurde und Datenkontext und Wiederherstellung vereint. Während KI-Agenten den Wandel mit maschineller Geschwindigkeit vorantreiben, verschafft Intelligent-ResOps den Sicherheitsteams die notwendigen Einblicke in ihre Daten, um Auswirkungen schnell zu erfassen und präzise wiederherzustellen, ohne umfassende Rollbacks, wenn […] First…
-
Wenn Cyberkriminelle gehackt werden Was die Gentlemen-Leaks verraten
Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat interne Daten der Ransomware-Gruppe ‘The Gentlemen” (CPR berichtete) analysiert, die nach einer Kompromittierung ihrer Infrastruktur öffentlich wurden. Die Erkenntnisse geben einen seltenen Einblick in die Struktur, Arbeitsweise und Angriffsmethoden einer der derzeit aktivsten Ransomware-Operationen weltweit. Die wichtigsten Ergebnisse im Überblick: Zweite Kraft im…
-
Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems
In a lengthy joint statement, Moscow and Beijing pledged closer cooperation on satellite internet technologies and joint work on software development and open-source initiatives, part of a broader effort to reduce reliance on Western technology and build a more independent technological ecosystem capable of competing with countries both states consider “unfriendly.” First seen on therecord.media…
-
Ransomware-Trends 2026: Weniger Hackergruppen – dafür brutal effizient
Cyberkriminelle agieren 2026 gezielter, schneller und professioneller als je zuvor. Das zeigt der Ransomware Report Q1 2026 von Check Point Software Technologies. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ransomware-trends-2026-weniger-hackergruppen-dafuer-brutal-effizient/a45237/
-
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. First seen on wired.com Jump to article: www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/
-
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, the latest stable release of the widely used web server software that powers an estimated 3040% of all…
-
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, the latest stable release of the widely used web server software that powers an estimated 3040% of all…

