CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
Ravie LakshmananJan 23, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure…
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign…
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed…
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
Jan 12, 2026Ravie LakshmananVulnerability / Workflow Automation Threat actors have been observed…
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Dec 31, 2026Ravie LakshmananSoftware Security / Data Breach Trust Wallet on Tuesday…
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens
Cybersecurity researchers have disclosed details of a new malicious package on the…
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure…
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted…
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties…