Search: platform releases

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…According to supply-chain security platform SafeDep, although the trigger mechanism is different in compromised Mistral AI and TanStack packages, they drop the same credential-stealing payload. Microsoft Threat Intelligence analyzed the…

May 12, 2026 · Bill Toulas

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

…Users of the Burst Statistics plugin are recommended to upgrade to the patched release, version 3.4.2, released on May 12, 2026, or disable the plugin on their site. WordPress.org…

May 14, 2026 · Bill Toulas

Critical vm2 sandbox bug lets attackers execute code on hosts

…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…

May 6, 2026 · Bill Toulas

New GhostLock tool abuses Windows API to block file access

New GhostLock tool abuses Windows API to block file access By Lawrence Abrams May 11, 2026 06:02 PM A security researcher has released a proof-of-concept tool named GhostLock that…

May 11, 2026 · Lawrence Abrams

Microsoft says some users can't install Office on Windows 365 devices

…Days later, the company released multiple emergency, out-of-band updates for all affected Windows platforms to fix the Windows 365 remote desktop connection issue. The Validation Gap: Automated Pentesting Answers One…

May 13, 2026 · Sergiu Gatlan

Grafana breach caused by missed token rotation after TanStack attack

…When the malicious npm package was released, Grafana’s CI/CD workflow consumed it, and the info-stealer module executed in its GitHub environment, exfiltrating GitHub workflow tokens to the attackers. The…

May 20, 2026 · Bill Toulas

Australia warns of ClickFix attacks pushing Vidar Stealer malware

…Last year, the developer released a new version with upgraded capabilities. ACSC notes that Vidar deletes its executable after launching on the infected device and then operates from system memory, reducing forensic…

May 7, 2026 · Bill Toulas

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

…Fortinet released security updates for two critical flaws in FortiSandbox and FortiAuthenticator . Google released Android's May security bulletin , which fixes 10 vulnerabilities. Ivanti released security updates for a high-severity Endpoint…

May 12, 2026 · Lawrence Abrams

18-year-old NGINX vulnerability allows DoS, potential RCE

…NGINX is a massively used web server and reverse proxy platform, powering a third of the top ranked websites . It can efficiently balance load by distributing incoming network traffic to multiple backend…