Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the malware stole and how it can spread further The compromised packages were published in two different GitHub source repositories on June 1, 2026, between 10:53 and 10:53:33 UTC and 13:44 and…
Tag: unknown
Global Security News
Dashlane accounts suspended amid brute-force attack
Dashlane users reported receiving notifications of suspicious login attempts from unknown devices and foreign locations, leading to account lockouts.
AI, Exploits, Global Security News, Network Security
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
AI, Exploits, Global Security News
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said…
Exploits, Global Security News, Government & Policy
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel. The activity, detected by Ctrl-Alt-Intel on May 2, 2026,…
Global Security News
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
AI, Global Security News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across…
AI, Cybersecurity, Exploits, Global Security News
Acrobat Reader zero-day exploited in the wild for many months
Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based cybersecurity system for detecting advanced file-based exploits. It does so by analyzing suspicious files submitted through…
AI, Exploits, Global Security News
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The zero-day timeline just collapsed. Here’s what security leaders do next
A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The zero-day timeline just collapsed. Here’s what security leaders do next
A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…
AI, Global Security News
Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. How the attack unfolded On March 30, 2026, with an account using a separate…
AI, Cybersecurity, Global Security News
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in
AI, Data Breaches, Exploits, Global Security News
Ajax data breach exposed season tickets, supporter bans open to tampering
AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred people. The hack exploited vulnerabilities in Ajax’s app and website, including exposed APIs and shared access keys. The club stated that names, email addresses, and…
Exploits, Global Security News
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.
AI, Global Security News
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of…