Path traversal flaw in AI dev platform Langflow exploited in attacks
…Hackers used AI to develop zero-day exploit for web admin tool Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw Anthropic rolls out Claude Fable 5, but it's available…
Search
Glassworm botnet disrupted after resilient C2 infrastructure takedown
Glassworm botnet disrupted after resilient C2 infrastructure takedown By Ionut Ilascu May 27, 2026 09:28 AM The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers…
Chinese hackers use new Atlas RAT malware in European cyberattacks
…RomulusLoader was deployed to launch legitimate remote management tools such as AnyDesk and SyncFuture, a remote monitoring software tool popular in China. Weirdly, the latter was used in attacks targeting German entities…
GitHub investigates internal repositories breach claimed by TeamPCP
…GitHub's cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million…
Apple blocked over $11 billion in App Store fraud in 6 years
…Apple also terminated 193,000 developer accounts due to fraud concerns, rejected more than 138,000 developer enrollments, and deactivated an additional 40.4 million customer accounts suspected of fraud and abuse…
Microsoft warns of Exchange zero-day flaw exploited in attacks
…Admins with servers in air-gapped environments can also mitigate the flaw by downloading the latest Exchange on-premises Mitigation Tool (EOMT) version and applying the mitigation by running the script via…
Leaked Shai-Hulud malware fuels new npm infostealer campaign
…A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency…
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
…In late April, Tycoon2FA was observed in a campaign that leveraged the OAuth 2.0 device authorization grant flows to compromise Microsoft 365 accounts, indicating that the operator continues to develop the…
Microsoft investigates Office Apps, Teams file access issues
…This is a developing story... The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an…
GitHub links repo breach to TanStack npm supply-chain attack
…and over 180 million developers who contribute to more than 420 million code repositories. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but…