Cyber Reports Cybersecurity News & Information

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

SAN FRANCISCO — GitHub has launched a new set of security upgrades for npm designed to reduce software supply chain attacks, introducing two-factor authentication (2FA)-gated publishing...

Cybersecurity1 day ago

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

A serious software supply chain attack has been uncovered targeting multiple PHP packages within the Laravel-Lang ecosystem, raising alarm across the developer and cybersecurity communities. The...

Artificial Intelligence1 day ago

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

A major advancement in AI-driven cybersecurity has emerged after Anthropic revealed that its experimental security initiative, Project Glasswing, has discovered more than 10,000 high- and critical-severity...

Cybersecurity2 days ago

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

A critical security vulnerability affecting Drupal Core is now being actively exploited across the internet, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add...

AI Security2 days ago

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A newly disclosed critical vulnerability affecting the LiteSpeed User-End cPanel Plugin is being actively exploited by attackers, according to security warnings released by LiteSpeed Technologies. Tracked...

Cybersecurity Alerts3 days ago

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released urgent security updates to address a highly critical vulnerability that could allow attackers to execute malicious code, escalate privileges, or access sensitive information...

Cloud Technology4 days ago

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub has confirmed that a recent breach of its internal repositories was caused by a compromised employee device infected through a malicious version of the popular...

Cybersecurity5 days ago

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft has dismantled a large-scale malware-signing-as-a-service (MSaaS) operation allegedly used to distribute ransomware and other malicious software under the guise of legitimate applications. The disruption, carried...

Technology Industry5 days ago

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has released two new open-source tools—RAMPART and Clarity—aimed at improving how developers design, test, and secure AI agents throughout the development lifecycle. The announcement marks...

Cybersecurity5 days ago

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity Desk: A fast-moving software supply chain attack campaign known as “Mini Shai-Hulud” has compromised multiple widely used npm packages in the @antv ecosystem, raising fresh...

Hackers email stolen student data to parents of Nevada school district

BIG-IP Vulnerability Allows Attackers to Execute Remote Code

CISA needs more money and less red tape, report says

CISA and HHS look to help the health sector ramp up cyber hygiene

Latest

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Trending

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Cyber Security

Pentagon cyber official calls advanced AI ‘revolutionary warfare’

Brazil’s LofyGang Returns After Three Years With Minecraft LofyStealer Malware Campaign Targeting Gamers

Authorities takedown global proxy network SocksEscort

Critical Google Chrome Flaw Enabled Malicious Extensions to Hijack Gemini AI Panel

TikTok Secures U.S. Future With New Joint Venture Under 2025 Executive Order

Your Digital Footprint Can Lead Right to Your Front Door

Business

RSAC 2026 Conference Announcements Summary (Days 3-4)

ServiceNow to Acquire Armis for $7.75 Billion in Cash

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

IoT security threats highlight the need for zero trust principles

New infosec products of the week: October 27, 2023

Raven: Open-source CI/CD pipeline security scanner

Tech

IoT security threats highlight the need for zero trust principles

New infosec products of the week: October 27, 2023

Raven: Open-source CI/CD pipeline security scanner

Apple news: iLeakage attack, MAC address leakage bug

Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto

HackerOne paid ethical hackers over $300 million in bug bounties

More News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Categories

Recent Posts

Recent Comments

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Melis Platform CMS patched for critical RCE flaw

Warning: Google Alerts abused to push fake Adobe Flash updater

MaginotDNS attacks exploit weak checks for DNS cache poisoning

Illinois’ financial crisis could bring the state to a halt

The final 6 ‘Game of Thrones’ episodes might feel like a full season

New Season 8 Walking Dead trailer flashes forward in time