CRITICAL

Why supply chain attacks work and what detection can actually do about it

SC Media • Jun 02, 2026

HIGH

Red Hat npm packages compromised to steal developer credentials

BleepingComputer • Jun 01, 2026

CRITICAL

Dozens of Red Hat packages backdoored through its offical NPM channel

Ars Technica Security • Jun 01, 2026

MEDIUM

A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)

Reddit r/netsec • May 29, 2026

HIGH

Russia-linked threat group put ChatGPT to work from lure to payload

The Register Security • May 29, 2026

LOW

What scanners are actually trying against AI infrastructure

Reddit r/netsec • May 28, 2026

MEDIUM

CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain

CyberScoop • May 27, 2026

HIGH

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

Infosecurity Magazine • May 26, 2026

HIGH

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Hacker News • May 26, 2026

CRITICAL

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

The Hacker News • May 22, 2026

HIGH

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

SecurityWeek • May 22, 2026

HIGH

GitHub internal repositories breached

Sophos News • May 20, 2026

HIGH

GitHub links repo breach to TanStack npm supply-chain attack

BleepingComputer • May 21, 2026

CRITICAL

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

The Hacker News • May 21, 2026

MEDIUM

The IBM X-Force Index 2026 explains all three in one finding.

Reddit r/netsec • May 20, 2026

HIGH

GitHub Confirms Hack Impacting 3,800 Internal Repositories

SecurityWeek • May 20, 2026

HIGH

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

CSO Online • May 19, 2026

HIGH

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

Infosecurity Magazine • May 19, 2026

MEDIUM

FIFA World Cup scams target fans and businesses

SC Media • May 18, 2026

MEDIUM

201 arrested in INTERPOL disruption of phishing and fraud networks

Help Net Security • May 18, 2026

HIGH

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

SecurityWeek • May 15, 2026

HIGH

Hunting the Behavior Behind npm Supply Chain Attacks

Reddit r/netsec • May 14, 2026

CRITICAL

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack

CyberScoop • May 12, 2026

HIGH

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

The Hacker News • May 12, 2026

HIGH

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

The Hacker News • May 11, 2026

HIGH

Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says

Infosecurity Magazine • May 04, 2026

MEDIUM

Social Engineering Leveled Up. Has Your Security Program?

Huntress • May 01, 2026

HIGH

Ubuntu infrastructure has been down for more than a day

Ars Technica Security • May 01, 2026

CRITICAL

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

The Hacker News • Apr 30, 2026

MEDIUM

'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Sophos News • Apr 29, 2026

MEDIUM

Kuse Web App Abused to Host Phishing Document

Trend Micro Research • Apr 29, 2026

HIGH

More fake extensions linked to GlassWorm found in Open VSX code marketplace

CSO Online • Apr 29, 2026

CRITICAL

Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers

Snyk • Apr 27, 2026

HIGH

Tradecraft Tuesday Recap: axios npm Supply Chain Compromise

Huntress • Apr 21, 2026

MEDIUM

Supply chain attacks hit Checkmarx and Bitwarden developer tools

Sophos News • Apr 24, 2026

MEDIUM

Anthropic probes alleged third-party breach of Claude Mythos

SC Media • Apr 23, 2026

HIGH

A dozen allied agencies say China is building covert hacker networks out of everyday routers

CyberScoop • Apr 23, 2026

HIGH

Malicious pgserve, automagik developer tools found in npm registry

CSO Online • Apr 23, 2026

CRITICAL

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

The Hacker News • Apr 22, 2026

HIGH

The LiteLLM attack was a warning shot for Agentic AI supply chains

SC Media • Apr 22, 2026

MEDIUM

After Bluesky, Mastodon Targeted in DDoS Attack

SecurityWeek • Apr 22, 2026

HIGH

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

SecurityWeek • Apr 18, 2026

HIGH

Why the Axios attack proves AI is mandatory for supply chain security

CyberScoop • Apr 20, 2026

MEDIUM

How attackers automate social media reconnaissance to craft personalized phishing emails in 2026

Reddit r/netsec • Apr 15, 2026

HIGH

Python Supply-Chain Compromise

Schneier on Security • Apr 08, 2026

HIGH

Supply Chain Compromise of axios npm Package

Huntress • Mar 31, 2026

HIGH

Software supply chain hacks trigger wave of intrusions, data theft

Help Net Security • Apr 02, 2026

HIGH

Mercor Hit by LiteLLM Supply Chain Attack

SecurityWeek • Apr 02, 2026

MEDIUM

AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack

The Register Security • Apr 02, 2026

HIGH

How we caught the Axios supply chain attack

Elastic Security Labs • Apr 02, 2026

HIGH

Mitigating the Axios npm supply chain compromise

Microsoft Security Blog • Apr 01, 2026

CRITICAL

Axios npm Supply Chain Compromise

FortiGuard Threat Signal • Mar 31, 2026

HIGH

Supply chain attack on Axios npm package: Scope, impact, and remediations

Tenable Research • Mar 31, 2026

CRITICAL

Emergency Webcast Briefing: Axios NPM Supply Chain Compromise

SANS Institute • Mar 31, 2026

HIGH

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

The Register Security • Mar 31, 2026

CRITICAL

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT

Snyk • Mar 30, 2026

CRITICAL

Axios npm package compromised in supply chain attack. Downloads malware dropper package

Reddit r/netsec • Mar 31, 2026

CRITICAL

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

The Hacker News • Mar 28, 2026

HIGH

Risky Business #830 -- LiteLLM and security scanner supply chains compromised

Risky Business • Mar 25, 2026

CRITICAL

1K+ cloud environments infected following Trivy supply chain attack

The Register Security • Mar 24, 2026

HIGH

Trivy supply-chain attack spreads to Docker, GitHub repos

BleepingComputer • Mar 23, 2026

HIGH

Trivy Supply Chain Attack Expands With New Compromised Docker Images

Infosecurity Magazine • Mar 23, 2026

HIGH

Trivy Supply Chain Attack: What Happened and What You Need to Know

Aqua Security • Mar 21, 2026

HIGH

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

The Hacker News • Mar 21, 2026

CRITICAL

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

CSO Online • Mar 21, 2026

HIGH

The espionage reality: Your infrastructure is already in the collection path

CSO Online • Mar 20, 2026

HIGH

Cybercrime has skyrocketed 245% since the start of the Iran war

The Register Security • Mar 16, 2026

MEDIUM

FBI Calls for Help to Track Steam Malware Campaign

Infosecurity Magazine • Mar 16, 2026

HIGH

Supply-chain attack using invisible code hits GitHub and other repositories

Ars Technica Security • Mar 13, 2026

HIGH

The Future of Supply Chain Backdoor Detections

Eclypsium • Mar 11, 2026

HIGH

Hackers may have breached FBI wiretap network via supply chain

Malwarebytes Labs • Mar 10, 2026

HIGH

Internet Infrastructure TLD .arpa Abused in Phishing Attacks

SecurityWeek • Mar 09, 2026

MEDIUM

From Ukraine to Iran, Hacking Security Cameras Is Now Part of War’s ‘Playbook’

Wired Security • Mar 06, 2026

MEDIUM

[NEU] [mittel] cPanel/WHM: Schwachstelle ermöglicht Offenlegung von Informationen

BSI Germany • Feb 26, 2026

HIGH

Hacker knackt 600 Firewalls in einem Monat – mit KI

CSO Online • Feb 25, 2026

HIGH

Know the red flags: Business email compromise signs to look out for

CSO Online • Feb 24, 2026

HIGH

How to prevent business email compromise

CSO Online • Feb 24, 2026

MEDIUM

The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection

CrowdStrike •

HIGH

Attackers Use New Tool to Scan for React2Shell Exposure

Dark Reading • Feb 20, 2026

MEDIUM

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Web Discovery • Feb 09, 2026

MEDIUM

Google: State-backed hackers using Gemini AI at every stage of attacks

Web Discovery • Feb 12, 2026

CRITICAL

Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far

Web Discovery • Feb 09, 2026

HIGH

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

The Hacker News • Feb 12, 2026

MEDIUM

Google: China's APT31 used Gemini to plan cyberattacks against US orgs

The Register Security • Feb 12, 2026

HIGH

State actor targets 155 countries in 'Shadow Campaigns' espionage op

BleepingComputer • Feb 07, 2026

MEDIUM

The Shadow Campaigns: Uncovering Global Espionage

Unit 42 • Feb 05, 2026

HIGH

Wave of Citrix NetScaler scans use thousands of residential proxies

BleepingComputer • Feb 03, 2026

LOW

Scanning for exposed Anthropic Models, (Mon, Feb 2nd)

SANS ISC • Feb 02, 2026

MEDIUM

Scanning Webserver with /$(pwd)/ as a Starting Path, (Sun, Jan 25th)

SANS ISC • Jan 26, 2026