Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Overview Google has addressed a maximum severity security flaw in Gemini CLI (the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow) that could have allowed attackers to execute arbitrary commands on host systems. The vulnerability, which carries a CVSS score of 10.0, represents one of the most critical AI…
The Latest
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Overview A sophisticated, high-resilience malware campaign dubbed EtherRAT was identified by Atos Threat Research Center (TRC) in March 2026. This…
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Overview In yet another wave of software supply chain attacks, threat actors have compromised the popular Python package Lightning (PyTorch…
New Linux ‘Copy Fail’ Flaw Gives Attackers Root Access on Major Distributions
Overview A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-31431 and dubbed “Copy Fail,” allows an unprivileged local attacker to…
CISA Orders Federal Agencies to Patch Windows Zero-Day Exploited by Russian APT28
Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical Windows vulnerability, tracked…
New DEEP#DOOR Python Backdoor Targets Browser and Cloud Credentials via Tunneling Service
Overview Security researchers at Securonix have uncovered a stealthy Python-based backdoor framework dubbed DEEP#DOOR that establishes persistent access on compromised…
PyTorch Lightning Compromised: Malicious Versions Push Credential-Stealing Malware to Developers
Overview The open-source PyTorch Lightning Python framework was hit by a supply chain attack on April 30, 2026, with threat…
MostereRAT Phishing Campaign Uses Advanced Evasion to Deliver Stealthy Remote Access Malware
The attack leverages obscure programming languages, mTLS-secured C2, and Windows privilege abuse to achieve persistence and evade detection.
Docker API Exploits Evolve Into Botnet-Building Malware With Persistent Access
Attackers are shifting from cryptomining to building a multi-vector botnet that can replicate, persist, and prepare for broader attacks.
Microsoft September Patch Tuesday Fixes 81 Flaws, Including Two Zero-Days
The update addresses nine critical bugs and two publicly disclosed vulnerabilities in Windows SMB and SQL Server.
Adobe Issues Emergency Patch for ‘SessionReaper,’ One of the Most Severe Magento Flaws Ever
The critical bug could let attackers hijack customer accounts without authentication through Adobe Commerce and Magento REST APIs.
SAP Patches 21 Vulnerabilities, Including Three Critical Flaws in NetWeaver
The September fixes include a maximum-severity bug that could let attackers execute arbitrary commands via exposed SAP NetWeaver components.
Plex Urges Password Resets After Latest Data Breach Exposes User Credentials
The streaming service confirmed attackers accessed usernames, emails, and hashed passwords, marking the second major breach in three years.
Massive Scans Target Cisco ASA Devices, Raising Fears of Imminent Exploit
A surge in reconnaissance activity against Cisco ASA devices may foreshadow the disclosure of a new vulnerability, researchers warn.
Spotlight
GhostAction Supply Chain Attack Leaks 3,325 Secrets from GitHub Projects
The attack exploited compromised maintainer accounts to silently inject malicious GitHub Actions workflows into hundreds of repositories.
Lovesac Discloses Data Breach Linked to RansomHub Ransomware Attack
Hackers infiltrated Lovesac's internal systems for over two weeks, stealing personal data and prompting a RansomHub ransomware extortion attempt.
Scammers Exploit Apple iCloud Calendar to Deliver Callback Phishing Emails
A new phishing scheme uses legitimate Apple email infrastructure to bypass spam filters and trick victims into calling fake support numbers.
Phishing in Plain Sight: Malicious SVG Files Impersonate Colombia’s Judiciary to Spread Malware
VirusTotal’s AI-enhanced detection revealed an SVG-based phishing campaign that slipped past traditional antivirus tools by disguising malicious portals as official judicial sites.
Features
Nx ‘s1ngularity’ NPM Attack Exposes Thousands of Secrets via AI-Powered Credential Theft
Attackers used AI prompt engineering to enhance a supply chain attack that compromised thousands of GitHub accounts and repositories through…
Malicious npm Packages Impersonate Flashbots to Steal Ethereum Wallet Credentials
Newly discovered npm packages targeting Ethereum developers disguise themselves as trusted cryptographic tools while stealthily exfiltrating private keys and mnemonic…
CastleRAT and CastleLoader: Inside TAG-150’s Expanding Malware Arsenal
The powerful new remote access trojan with Python and C variants shows TAG-150's growing sophistication in delivering modular, evasive malware…
Wealthsimple Discloses Data Breach Exposing Private Customer Information
A software supply chain compromise exposed sensitive personal data of Wealthsimple clients, though funds and passwords remain secure.
Argo CD Flaw Exposes Git Credentials via Low-Level API Tokens
Even minimal project-level permissions can now unlock sensitive repository credentials in unpatched versions of the tool.
SAP S/4HANA Code Injection Flaw Under Active Exploitation, Patch Now Urged
Researchers warn that unpatched systems are already being breached as attackers weaponize the flaw against exposed SAP servers.
