Tag
Threat Intelligence
65 items tagged #threat-intelligence
Articles
Malicious postinstall hooks discovered across 700+ GitHub repos targeting PHP and Node.js packages via Packagist.
AI-generated packages surge exponentially on npm, reshaping open source production and consumption.
Megalodon attack compromises 5,561 GitHub repos via malicious CI workflows in six hours.
Deleted Google API keys remain active for up to 23 minutes due to eventual consistency delays.
GitHub breach of 3,800 repos linked to malicious Nx Console extension in TanStack npm supply-chain attack
Perumda Tirta Musi Palembang utility database with 437K+ customer records allegedly for sale.
1VPNS VPN service website seized by joint international law enforcement action.
Uruguay DNIC citizen database with 5.8M records allegedly leaked on underground forum
Uruguay's DNIC citizen database with 5.8M records allegedly leaked online.
TeamPCP steals 3,800 GitHub repositories via poisoned VS Code extension, demands $95K
Verizon DBIR 2026: AI exploited software vulnerabilities in 31% of breaches, compressing exploit timelines from months
Banana RAT malware targets 16 Brazilian banks via fake invoices, stealing data with QR code fraud.
GitHub confirms employee device compromise via malicious VS Code extension.
GitHub investigates breach of ~4,000 internal repositories claimed by TeamPCP hacker group
ShinyHunters targets cybersecurity firm that advises ransomware victims against paying.
Shai-Hulud campaign injects malware into 600+ npm packages to steal developer credentials.
7-Eleven confirms cyberattack by ShinyHunters gang that stole 600K+ records from Salesforce systems.
INTERPOL Operation Ramz arrests 200+ individuals, seizes 53 malware and phishing servers across MENA region.
SHub macOS infostealer variant 'Reaper' spoofs Apple security updates via AppleScript to steal data and install
Leaked Shai-Hulud malware deployed in four malicious npm packages by threat actor.
Grafana Labs' GitHub environment breached via stolen token; source code stolen by Coinbase Cartel extortion gang.
Shai-Hulud worm clones emerge days after source code release on GitHub.
Grafana confirms data breach via compromised GitHub token; source code stolen by Coinbase Cartel.
Active in-the-wild exploitation of critical NGINX heap buffer overflow CVE-2026-42945 begins days after patch release.
Pwn2Own Berlin 2026 awards $1.3M for 47 zero-day exploits across enterprise and AI products.
Pwn2Own Berlin 2026 awards $1.3M for 47 zero-day exploits across Windows, Linux, VMware, Nvidia, and AI products.
Tycoon2FA phishing kit adds device-code attacks to hijack Microsoft 365 accounts via Trustifi URLs.
Scammers mail fake Ledger phishing letters with QR codes to steal crypto wallet seed phrases from Italian users.
Grafana confirms source code theft via compromised GitHub token; rejects ransom demand.
RDP stealer malware discovered with Windows Defender evasion capability.
Microsoft failed to properly patch 2020 Windows CVE, allowing Nightmare Eclipse exploitation.
Ícaro Cloud breach exposes firewall configs, VPN keys, and TLS certs for 20 Spanish firms.
Hackers deploy XWorm RAT v7.4 via PyInstaller with AMSI patching to bypass Windows security.
REMUS infostealer malware evolves into MaaS platform targeting session tokens and password managers.
OpenAI hit by TanStack supply chain attack; credentials stolen from code repositories.
CalPhishing campaign exploits Outlook invites and device code phishing to steal M365 tokens and bypass MFA.
TeamPCP releases Shai-Hulud worm source code on GitHub, fueling supply chain attacks with monetary rewards.
Unit 42 analyzes AD CS exploitation techniques including template misconfigurations and shadow credential misuse.
TeamPCP hackers demand $25K for stolen Mistral AI source code via supply-chain compromise.
Lightning AI allegedly breached; internal codebase and PyTorch Lightning project files exposed.
Nightmare Eclipse releases MiniPlasma vulnerability (CVE-2020-17103) in Windows Cloud Files Mini Filter Driver
Cisco SD-WAN maximum severity vulnerability exploited in active attacks.
Cisco SD-WAN Controller/Manager CVE-2026-20182 critical auth bypass under active exploitation
CVE-2026-20182 critical Cisco SD-WAN authentication bypass under active exploitation
Cisco patches critical SD-WAN Controller authentication bypass (CVE-2026-20182) exploited in active zero-day attacks.
Brazilian identity verification provider Nuvidio allegedly breached; 40K files with KYC, biometrics, private keys
Threat actor advertises 50K+ leaked Burkina Faso passports and national ID cards online.
50,000+ scanned Burkina Faso passport and ID records allegedly leaked online.
OpenAI confirms two employee devices breached in TanStack supply chain attack via Mini Shai-Hulud malware.
Guatemalan Ministry of Finance allegedly breached; 130K RGAE registrations and 235K PDFs exposed via IDOR.
Events
2026-05-16 · Edinburgh, United Kingdom
2026-05-16 · Miami Beach, United States
2026-05-18 · Prague, Czech Republic
2026-05-18 · Overland Park, United States
2026-05-18 · Nairobi, Kenya
2026-05-18 · Rome, Italy
2026-05-18 · Cairo, Egypt
2026-05-18 · São Paulo, Brazil
2026-05-19 · Vilnius, Lithuania
2026-05-20 · Paris, France
2026-05-25 · Krakow, Poland
2026-05-27 · Krakow, Poland
2026-06-02 · London, United Kingdom
2026-06-02 · London, United Kingdom
2026-08-01 · Las Vegas, United States