1. A critical SQL injection vulnerability in Drupal Core tracked as CVE-2026-9082 is being actively exploited with over 15000 attempts recorded across 6000 sites (The Hacker News).
2. The LiteSpeed User-End cPanel Plugin is under active exploitation via CVE-2026-48172 which allows attackers to execute arbitrary scripts with root privileges (The Hacker News).
3. The Megalodon campaign compromised over 5500 GitHub repositories within six hours by leveraging fake pull requests to target CI workflows (Reddit).
4. Laravel Lang packages were hijacked to deploy credential stealing malware by abusing GitHub version tags to distribute malicious code (Bleeping Computer).
5. A coordinated supply chain attack on Packagist infected eight packages with malicious code designed to execute Linux binaries (The Hacker News).
6. Italian authorities dismantled the CINEMAGOAL piracy ecosystem which was used to steal streaming authentication codes from users (Bleeping Computer).
7. Dutch authorities seized 800 servers belonging to a hosting firm that was allegedly facilitating cyberattacks (Reddit).
8. A merchandise website linked to Kash Patel went offline following reports that it was distributing malware to visitors (Reddit).
9. Researchers identified that a large number of n8n automation templates contain critical vulnerabilities (Reddit).
10. A Zyxel super-admin credential leak has expanded to affect a wider range of devices including CPE, ONT, LTE, and 5G hardware (Reddit).
11. Anthropic reported that its Mythos AI initiative has identified over 10000 high or critical severity vulnerabilities in global software (The Hacker News).
12. GitHub introduced staged publishing for npm to mitigate supply chain attacks by requiring 2FA for package releases (The Hacker News).
Be First to Comment