How the Mini Shai-Hulud Worm Compromised npm and PyPI Supply Chains

Giant worm labeled "Mini Shai-Hulud" emerging from a box with package icons.

Mini Shai-Hulud, linked to the TeamPCP group, has become one of the most dangerous worms in the npm and PyPI ecosystems: it compromised TanStack, UiPath, Mistral AI, OpenSearch and Guardrails AI packages by publishing malicious versions through the projects' own legitimate GitHub Actions workflows, complete with valid SLSA provenance attestations, and then spreading automatically to other packages owned by the same …

TrickMo C turns infected Androids into TON-based proxy nodes

Android Trojan graphic depicting malware activity and cryptocurrency connections.

Researchers at ThreatFabric have identified a new variant of the Android trojan TrickMo that uses The Open Network (TON), a decentralized blockchain network, as its command-and-control channel for infected devices. The variant, designated TrickMo C, was observed in January and February 2026 and, according to the researchers, targets users of banking apps and cryptocurrency wallets in France, Italy, and Austria. The …

RubyGems blocks new registrations after suspected malware campaign

Red diamond under dome with locks surrounded by boxes and bugs.

RubyGems, the standard package registry and manager for the Ruby language, has temporarily blocked new account registrations after an incident described as a large-scale malicious attack. According to the available information, hundreds of packages are involved. Anyone who uses Ruby dependencies in their projects should audit recently added packages …
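
The audit the item recommends starts from the lockfile: anything that entered Gemfile.lock since the last known-good state is what to look at first. The script below is an added example (not from the original article or from the RubyGems project) that diffs the resolved gem set of two lockfiles and reports gems that were added or whose version changed. Both lockfile texts are constructed sample data; in practice you would feed it the committed lockfile from a trusted revision and the current one.

```ruby
# Added example (not from the original article or from RubyGems): compare a
# known-good Gemfile.lock with the current one and list every gem that was
# added or whose resolved version changed, so those are reviewed first.
# Both lockfile contents below are constructed sample data.

KNOWN_GOOD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      concurrent-ruby (1.3.4)
      i18n (1.14.6)
        concurrent-ruby (~> 1.0)
      rack (3.1.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    i18n
    rack

  BUNDLED WITH
     2.5.22
LOCK

CURRENT_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      concurrent-ruby (1.3.4)
      i18n (1.14.6)
        concurrent-ruby (~> 1.0)
      rack (3.1.9)
      rack-sessions-helper (0.1.0)
        rack (>= 3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    i18n
    rack
    rack-sessions-helper

  BUNDLED WITH
     2.5.22
LOCK

# Parse the "specs:" section of a Gemfile.lock into { name => version }.
# Top-level specs are indented by exactly four spaces; a gem's own
# dependencies are indented deeper (six spaces) and are skipped.
def parse_lock_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or an unindented section header ends the specs block.
    in_specs = false if in_specs && (line.strip.empty? || line !~ /\A\s/)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Report gems that are new or changed relative to the known-good lockfile.
# Returns { "added" => {name => version}, "changed" => {name => [old, new]} }.
def lockfile_drift(known_good_text, current_text)
  before = parse_lock_specs(known_good_text)
  after  = parse_lock_specs(current_text)
  added   = after.reject { |name, _| before.key?(name) }
  changed = after.select { |name, v| before.key?(name) && before[name] != v }
                 .to_h { |name, v| [name, [before[name], v]] }
  { "added" => added, "changed" => changed }
end

if __FILE__ == $PROGRAM_NAME
  drift = lockfile_drift(KNOWN_GOOD_LOCK, CURRENT_LOCK)
  drift["added"].each   { |n, v|      puts "ADDED    #{n} #{v}   <- review before trusting" }
  drift["changed"].each { |n, (o, v)| puts "CHANGED  #{n} #{o} -> #{v}" }
end
```

Run it against `git show <trusted-rev>:Gemfile.lock` and the working-tree Gemfile.lock; an added gem with a name that closely resembles an existing dependency, or a version bump you did not make, is the thing to open and read before the next `bundle install` on a developer machine or CI runner.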

Critical GnuTLS Use-After-Free Vulnerability in Exim (CVE-2026-45185)

Exim server illustration highlighting CVE-2026-45185 vulnerability.

The Exim project has released an emergency security update for CVE-2026-45185, a use-after-free that corrupts the heap and potentially allows arbitrary code execution on the mail server. The flaw affects all Exim versions from 4.97 through 4.99.2 inclusive that are built with GnuTLS support (build option USE_GNUTLS=yes). To exploit it, an attacker …
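
Because exposure depends on both the version range and the TLS library the binary was built with, a fleet check needs more than a version string. The following is an added example (not from the Exim project or the original article) that takes the text of `exim -bV` and returns a verdict with its reasoning. The layout of `exim -bV` output used here is an assumption, and the sample output is constructed, not captured from a real host.

```ruby
# Added example (not from the Exim project or the original article): decide
# from the output of `exim -bV` whether a host is in the affected set for
# CVE-2026-45185: 4.97 <= version <= 4.99.2 AND built with GnuTLS.
# The exact layout of `exim -bV` output is an assumption; the sample below
# is constructed, not captured from a real host.
require "rubygems" # Gem::Version gives correct dotted-version comparison

SAMPLE_BV_GNUTLS = <<~OUT
  Exim version 4.98.1 #2 built 03-Jan-2026 10:21:07
  Copyright (c) University of Cambridge, 1995 - 2018
  Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS TLS_resume move_frozen_messages DKIM DNSSEC
  Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
OUT

AFFECTED_MIN = Gem::Version.new("4.97")
AFFECTED_MAX = Gem::Version.new("4.99.2")

# Returns a hash with the verdict and the facts it was derived from, so the
# result can be logged or collected across many hosts.
def exim_gnutls_exposure(bv_output)
  m = bv_output.match(/^Exim version (\d+(?:\.\d+)*)/)
  raise ArgumentError, "no 'Exim version' line found" unless m
  version  = Gem::Version.new(m[1])
  support  = bv_output[/^Support for:.*$/].to_s   # assumed "Support for:" line
  gnutls   = support.include?("GnuTLS")           # OpenSSL builds list "OpenSSL" instead
  in_range = version.between?(AFFECTED_MIN, AFFECTED_MAX)
  {
    version: m[1],
    gnutls_build: gnutls,
    version_in_range: in_range,
    affected: gnutls && in_range,
  }
end

if __FILE__ == $PROGRAM_NAME
  # Usage: exim -bV > bv.txt && ruby exim_check.rb bv.txt
  # With no argument the constructed sample is evaluated.
  text = ARGV.empty? ? SAMPLE_BV_GNUTLS : File.read(ARGV[0])
  verdict = exim_gnutls_exposure(text)
  puts verdict.map { |k, v| "#{k}=#{v}" }.join(" ")
end
```

Note that a host at 4.99.2 built with OpenSSL is reported as not affected, and a GnuTLS build at 4.96 is likewise outside the range; only the combination of both conditions counts.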

GemStuffer campaign turns RubyGems into free data infrastructure

Illustration of data flow involving RubyGems and storage misuse.

Researchers at Socket discovered a campaign, dubbed GemStuffer, in which more than 150 packages were uploaded to the RubyGems registry with an unusual goal: not to deliver malicious code to developers, but to use the registry as a channel for storing and retrieving data scraped from UK local government portals. The campaign affects …

How Microsoft’s May 2026 Patch Tuesday Impacts Windows, Azure and AD

Shield graphic featuring "138 Critical Fixes" for Microsoft software updates.

In the May 2026 Patch Tuesday, Microsoft fixed 138 vulnerabilities across Windows and its cloud services, including critical flaws in Windows DNS, Netlogon, Azure, Dynamics 365, and Entra ID, and at the same time announced enforced rotation of Secure Boot certificates by June 26, 2026. Organizations with Active Directory domain environments, Dynamics-based CRM, and active Azure usage must …

Inside QLNX: a stealthy Linux implant stealing developer secrets

Quasar Linux RAT visualization connecting various tech and secrets.

Trend Micro researchers have described a previously undocumented Linux implant, codenamed Quasar Linux RAT (QLNX), which according to their findings targets systems used by developers and DevOps engineers in order to steal credentials for package registries, cloud infrastructure, and CI/CD pipelines. The malware is reported to execute filelessly from memory, use …

How Low-Priority Alerts and EDR ‘Mitigations’ Hide Real Threats

Magnifying glass focusing on a low-priority alert with EDR shield graphic.

A study covering more than 25 million security alerts from real corporate environments revealed a structural problem: almost 1% of confirmed incidents originated from alerts initially classified as low-priority or informational. On endpoints the figure reached 2%. With an average volume of 450,000 alerts per organization per year, this translates into roughly 54 real threats …

Critical PAN-OS buffer overflow in User-ID portal under attack

Palo Alto firewall with error message illustrating CVE-2026-0300 vulnerability.

Palo Alto Networks has confirmed limited active exploitation of CVE-2026-0300, a critical buffer overflow in the PAN-OS User-ID Authentication Portal service that allows an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted network packets. According to researchers, the first exploitation attempts were observed on April …

vm2 sandbox escapes raise concerns over JavaScript isolation


Critical vulnerabilities have been discovered in vm2, a popular library for running untrusted JavaScript in a sandboxed Node.js context. The flaws allow code inside the sandbox to break out and execute arbitrary code on the host. A previously identified vulnerability, CVE-2026-22709, received a CVSS score of 9.8 out of 10, which …