Collaborate Disseminate
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026, unknown… Continue reading North Korean hackers linked to Axios npm supply chain compromise
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details… Continue reading Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service v… Continue reading EvilTokens ramps up device code phishing targeting Microsoft 365 users
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote … Continue reading Axios npm packages backdoored in supply chain attack
TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises. Par… Continue reading TeamPCP’s attack spree slows, but threat escalates with ransomware pivot
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyb… Continue reading Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added… Continue reading Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Lab… Continue reading TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for… Continue reading CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers h… Continue reading Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks