Live Threat IntelLive
Official SAP npm packages compromised to steal credentials(Bleeping Computer)Popular WordPress redirect plugin hid dormant backdoor for years(Bleeping Computer)Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining(Bleeping Computer)Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack(The Register)SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack(The Hacker News)VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research(DataBreaches.net)CISA flags data-theft bug in NSA-built OT networking tool(The Register)Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error(Dark Reading)New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs(The Hacker News)Over 200 Japanese firms have paid ransomware attackers; 60% fail to recover data(DataBreaches.net)AR: Pine Bluff School District loses $3.2 million in business email compromise attack(DataBreaches.net)Learning from the Vercel breach: Shadow AI & OAuth sprawl(Bleeping Computer)Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure(SecurityWeek)Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities(Dark Reading)Researchers Track 2.9 Billion Compromised Credentials(Infosecurity Magazine)Checkmarx Confirms Data Stolen in Supply Chain Attack(SecurityWeek)Critical Flaw Turns Vect Ransomware into Data Destroying Wiper(Infosecurity Magazine)CISA orders feds to patch Windows flaw exploited as zero-day(Bleeping Computer)Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately(The Hacker News)ShinyHunters exploit Anodot incident to target Vimeo(Security Affairs)Critical GitHub Vulnerability Exposed Millions of Repositories(SecurityWeek)LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure(The Hacker News)BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures(Dark Reading)Broken VECT 2.0 ransomware acts as a data wiper for large files(Bleeping Computer)CVE-2026-3854 GitHub flaw enables remote code execution(Security Affairs)Feuding Ransomware Groups Leak Each Other's Data(Dark Reading)Vidar Rises to Top of Chaotic Infostealer Market(Dark Reading)Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push(The Hacker News)Vimeo Confirms User and Customer Data Breach(SecurityWeek)Medtronic Confirms Data Breach After ShinyHunters Claims(Infosecurity Magazine)VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi(The Hacker News)Signal Phishing Campaign Targets German Officials in Suspected Russian Operation(Security Affairs)The “BlueLeaks 2.0” Breach: Will there be any accountability? Senators start with transparency.(DataBreaches.net)Ransomware Turf War as 0APT and KryBit Groups Trade Blows(Infosecurity Magazine)Chinese National Extradited Over Silk Typhoon Cyber Campaign(Infosecurity Magazine)New Android spyware Morpheus linked to Italian surveillance firm(Security Affairs)Cherry Health continues to experience issues, but hasn’t publicly acknowledged ransomware attack (Updated)(DataBreaches.net)Regulator fines Fidelity Brokerage Services $1.25M over data breach(DataBreaches.net)Ongoing supply-chain attack 'explicitly targeting' security, dev tools(The Register)UNC6692 Combines Social Engineering, Malware, Cloud Abuse(Dark Reading)Official SAP npm packages compromised to steal credentials(Bleeping Computer)Popular WordPress redirect plugin hid dormant backdoor for years(Bleeping Computer)Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining(Bleeping Computer)Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack(The Register)SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack(The Hacker News)VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research(DataBreaches.net)CISA flags data-theft bug in NSA-built OT networking tool(The Register)Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error(Dark Reading)New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs(The Hacker News)Over 200 Japanese firms have paid ransomware attackers; 60% fail to recover data(DataBreaches.net)AR: Pine Bluff School District loses $3.2 million in business email compromise attack(DataBreaches.net)Learning from the Vercel breach: Shadow AI & OAuth sprawl(Bleeping Computer)Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure(SecurityWeek)Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities(Dark Reading)Researchers Track 2.9 Billion Compromised Credentials(Infosecurity Magazine)Checkmarx Confirms Data Stolen in Supply Chain Attack(SecurityWeek)Critical Flaw Turns Vect Ransomware into Data Destroying Wiper(Infosecurity Magazine)CISA orders feds to patch Windows flaw exploited as zero-day(Bleeping Computer)Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately(The Hacker News)ShinyHunters exploit Anodot incident to target Vimeo(Security Affairs)Critical GitHub Vulnerability Exposed Millions of Repositories(SecurityWeek)LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure(The Hacker News)BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures(Dark Reading)Broken VECT 2.0 ransomware acts as a data wiper for large files(Bleeping Computer)CVE-2026-3854 GitHub flaw enables remote code execution(Security Affairs)Feuding Ransomware Groups Leak Each Other's Data(Dark Reading)Vidar Rises to Top of Chaotic Infostealer Market(Dark Reading)Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push(The Hacker News)Vimeo Confirms User and Customer Data Breach(SecurityWeek)Medtronic Confirms Data Breach After ShinyHunters Claims(Infosecurity Magazine)VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi(The Hacker News)Signal Phishing Campaign Targets German Officials in Suspected Russian Operation(Security Affairs)The “BlueLeaks 2.0” Breach: Will there be any accountability? Senators start with transparency.(DataBreaches.net)Ransomware Turf War as 0APT and KryBit Groups Trade Blows(Infosecurity Magazine)Chinese National Extradited Over Silk Typhoon Cyber Campaign(Infosecurity Magazine)New Android spyware Morpheus linked to Italian surveillance firm(Security Affairs)Cherry Health continues to experience issues, but hasn’t publicly acknowledged ransomware attack (Updated)(DataBreaches.net)Regulator fines Fidelity Brokerage Services $1.25M over data breach(DataBreaches.net)Ongoing supply-chain attack 'explicitly targeting' security, dev tools(The Register)UNC6692 Combines Social Engineering, Malware, Cloud Abuse(Dark Reading)