Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. [...]
O Google identificou o que considera um marco preocupante na evolução das ameaças digitais: um grupo criminoso teria usado inteligência artificial para descobrir uma vulnerabilidade desconhecida e desenvolver uma exploração contra uma ferramenta amplamente usada de administração …
Your private medical records are vulnerable. Here’s why. The Washington Post
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question…
Sete em cada dez brasileiros foram vítimas de golpe digital nos últimos 12 meses. O dado é do relatório "Estado dos Golpes no Brasil 2025", da Global Anti-Scam Alliance (GASA), que também aponta uma média de 252 tentativas de fraude por pessoa ao longo do ano. É nesse cenário que…
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. [...]
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been …
Investors including Bezos Expeditions and Thiel Bio supported HistoSonics’ expansion plans last year by participating in a $250 million financing round.
American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In…
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak c…
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out t…
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). [...]
Production-version patches are coming online and should be installed pronto.
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. [...]
Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.
Com mais de 1.200 marcas expositoras, principal evento de saúde da América Latina reunirá líderes do setor em torno de inovação, eficiência operacional, experiência do paciente e transformação digital. Participe! The post Conectividade e IA impulsionam Hospitalar 2026 como hub de…
Uma empresa britânica de água potável foi multada em 1,1 milhão de euros devido a uma violação de dados iniciada por um e-mail de phishing que levou a um ataque de ransomware. A penalidade foi aplicada pelo regulador britânico de privacidade ICO, conforme divulgado ontem (11 de m…