Socket.IO

Vercel Data Breach Exposes SA Developer Community

Attackers Weaponize RubyGems for Data Dead Drops

New Npm Supply-Chain Attack Self-Spreads to Steal Auth Tokens

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Miasma Malware Targets Red Hat Npm Packages in New Supply Chain Attack

New Malware Campaign Tricks AI Scanners with Fake Nuclear Weapon Prompts — Malicious Code Triggers Safety Failsafes so Scanners Skip the Payload

Over 100 Chrome Web Store Extensions Steal User Accounts, Data

TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest

Widely Used Trivy Scanner Compromised in Ongoing Supply-Chain Attack

Official SAP Npm Packages Compromised to Steal Credentials

13 New Critical Holes in JavaScript Sandbox Allow Execution of Arbitrary Code

Dozens of Red Hat Packages Backdoored Through Its Official NPM Channel

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Shai-Hulud Malware Worms Red Hat Npm Package Versions Downloaded 80K Times a Week

Malicious Chrome Extension Steals Wallet Credentials, Enables Automated Trading Abuse

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Hacker Active Well Beyond Context.ai Compromise, Says Vercel CEO

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Self-Propagating Supply Chain Worm Hijacks Npm Packages to Steal Developer Tokens

Supply Chain Battles Intensify as Takedowns Meet AI-Driven Noise

Anthropic’s Mythos and OpenAI’s GPT‑5.5 Ignite AI Security Arms Race

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

TeamPCP Hijacks 3,800 GitHub Repos in Massive Open‑Source Supply‑Chain Assault

Trivy, KICS, and the Shape of Supply Chain Attacks so Far in 2026

Chrome Ad Blocker Caught Hijacking Amazon Affiliate Links

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

“There Is No Accountability”: AI Coding Agents Are Installing Packages No One Owns

Compromised dYdX Npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Anthropic's Mythos and OpenAI's GPT‑5.5 Ignite a Cybersecurity Sprint for CIOs

Malicious PyPI Package Impersonates Sympy-Dev, Targeting Millions of Users

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Malicious Chrome Extension Skims Solana Swaps with Hidden Extra Transfers

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

NPM to Implement Staged Publishing After Turbulent Shift Off Classic Tokens

Mini Shai Hulud Strikes Again Hitting over 100 Npm and PyPI Packages Including Mistral AI

New Shai-Hulud Attack Trojanizes 19 Science-Focused PyPI Packages

Microsoft Launches Open‑Source Toolkit Covering All 10 OWASP AI Risks

TrapDoor Malware Campaign Puts Developer Workstations in CISO Spotlight

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Valid Certificates, Stolen Accounts: How Attackers Broke Npm's Last Trust Signal

Bitwarden CLI Compromised in Checkmarx Supply‑Chain Attack Affecting 10M Users

PyTorch Lightning and Intercom-Client Hit in Supply Chain Attacks to Steal Credentials