Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials Software Security / MalwareIn yet another software supply chain attack, threat actors have comprom... 2026-5-19 05:28:6 | 阅读: 24 | 收藏 | The Hacker News - thehackernews.com github malicious software runner imposter

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has co... 2026-5-19 04:54:17 | 阅读: 25 | 收藏 | The Hacker News - thehackernews.com antv github shai hulud payload

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North... 2026-5-18 17:21:18 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com phishing sentencing interpol arrests conspiracy

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Monday opens with a trust problem. A mail server flaw is under active use. A network control syste... 2026-5-18 13:50:17 | 阅读: 27 | 收藏 | The Hacker News - thehackernews.com 2026 software security microsoft windows

How to Reduce Phishing Exposure Before It Turns into Business Disruption What happens when a phishing email looks clean enough to pass through security, but dangerous eno... 2026-5-18 13:0:0 | 阅读: 41 | 收藏 | The Hacker News - thehackernews.com phishing exposure security analysis uncertainty

Developer Workstations Are Now Part of the Software Supply Chain Supply chain attackers are not only trying to slip malicious code into trusted software. They are t... 2026-5-18 11:23:41 | 阅读: 43 | 收藏 | The Hacker News - thehackernews.com developer software cloud security workstation

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws Vulnerability / Software SecurityIvanti, Fortinet, n8n, SAP, and VMware have released security fix... 2026-5-18 10:54:5 | 阅读: 52 | 收藏 | The Hacker News - thehackernews.com 2026 n8n attacker remote

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware Supply Chain Attack / BotnetCybersecurity researchers have discovered four new npm packages contai... 2026-5-18 08:57:26 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com hulud shai security tempalte github

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations Industrial Sabotage / MalwareA new analysis of the Lua-based fast16 malware has confirmed that it... 2026-5-18 06:46:37 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com fast16 simulation sabotage stuxnet simulations

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and... 2026-5-18 04:59:21 | 阅读: 22 | 收藏 | The Hacker News - thehackernews.com windows microsoft pointed security eclipse

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE Server Security / VulnerabilityA newly disclosed security flaw impacting NGINX Plus and NGINX Open... 2026-5-17 11:57:53 | 阅读: 35 | 收藏 | The Hacker News - thehackernews.com security vulncheck 2026 remote opendcim

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability t... 2026-5-17 07:13:33 | 阅读: 43 | 收藏 | The Hacker News - thehackernews.com extortion reveal

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming Vulnerability / Website Security A critical security vulnerability impacting the Funnel Buil... 2026-5-16 15:20:48 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com attacker funnel security sansec attackers

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla... 2026-5-15 17:10:25 | 阅读: 28 | 收藏 | The Hacker News - thehackernews.com kazuar c2 blizzard microsoft windows

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence Vulnerability / AI SecurityCybersecurity researchers have disclosed a set of four security flaws i... 2026-5-15 13:35:4 | 阅读: 21 | 收藏 | The Hacker News - thehackernews.com 2026 openclaw bypass 44112 plant

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface Endpoint Security / Threat DetectionIn Your Biggest Security Risk Isn't Malware — It's What You Al... 2026-5-15 11:0:0 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com reduction attackers bitdefender security living

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates OpenAI has disclosed that two of its employee devices in its corporate environment were impacted vi... 2026-5-15 10:54:44 | 阅读: 29 | 收藏 | The Hacker News - thehackernews.com openai teampcp c2 rotated tanstack

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Microsoft / VulnerabilityMicrosoft has disclosed a new security vulnerability impacting on-premise... 2026-5-15 06:19:4 | 阅读: 23 | 收藏 | The Hacker News - thehackernews.com exchange microsoft 42897 eomt emergency

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits Vulnerability / Credential TheftThe U.S.Cybersecurity and Infrastructure Security Agency (CISA) on... 2026-5-15 05:28:3 | 阅读: 32 | 收藏 | The Hacker News - thehackernews.com 2026 deploys 8616 uat

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access Vulnerability / Network SecurityCisco has released updates to address a maximum-severity authentic... 2026-5-14 17:45:20 | 阅读: 23 | 收藏 | The Hacker News - thehackernews.com 2026 bypass catalyst attacker