Security Week

Cybersecurity News, Insights & Analysis

Laravel-Lang Packages Poisoned for Malware Delivery

Mon, 05/25/2026 - 6:41am

Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.

The post Laravel-Lang Packages Poisoned for Malware Delivery appeared first on SecurityWeek.

Categories: SecurityWeek

DocketWise Data Breach Impacts 143,000

Mon, 05/25/2026 - 5:37am

Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories.

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

Mon, 05/25/2026 - 3:40am

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

Sat, 05/23/2026 - 7:00am

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic.

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Fri, 05/22/2026 - 1:15pm

Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082, and security firms are seeing attacks against thousands of websites.

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

Fri, 05/22/2026 - 10:07am

Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout.

Canadian Man Arrested for Operating Kimwolf Botnet

Fri, 05/22/2026 - 8:11am

Jacob Butler, 23, has been arrested in Canada, and US authorities are seeking his extradition on computer hacking charges.

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

Fri, 05/22/2026 - 5:24am

The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

Fri, 05/22/2026 - 4:19am

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One.

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Fri, 05/22/2026 - 3:49am

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated.

Cisco Patches Critical Vulnerability in Secure Workload

Thu, 05/21/2026 - 8:04am

Insufficient validation and authentication in Secure Workload’s REST APIs provide remote attackers with Site Admin privileges.

Ocean Emerges From Stealth With $28M for Agentic Email Security Platform

Thu, 05/21/2026 - 7:45am

The company has developed a platform that uses specialized AI agents to inspect every incoming message.

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

Thu, 05/21/2026 - 7:17am

The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions.

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Thu, 05/21/2026 - 6:58am

CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.

Socket Raises $60 Million at $1 Billion Valuation

Thu, 05/21/2026 - 6:32am

The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion.

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Thu, 05/21/2026 - 5:52am

The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition.

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

Thu, 05/21/2026 - 5:37am

More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’.

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Thu, 05/21/2026 - 4:14am

New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.

Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution

Wed, 05/20/2026 - 11:45am

The new Series A funding round brings the total raised by Quantum Bridge to $16 million. 

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

Wed, 05/20/2026 - 11:39am

The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches.
