SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Hacker News

New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

GREYVIBE targeted Ukraine since August 2025 using AI-assisted malware campaigns, increasing espionage capabilities and attribution challenges.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Understanding Tor: Anonymous Browsing, Usage, and Legal Aspects

Discover Tor, a privacy network for anonymous browsing. Learn how it's used, its legality, and who benefits from it, ...
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

AI Agents Plunged the Tech World Into Chaos. Here’s Exactly How That Happened

The definitive story of how Claude Code and OpenClaw kicked off computing’s biggest transformation possibly ever.
PCMag

I Went Into the Dark Web So You Don't Have To. Here's What's Actually Down There

When you hear "the dark web," you probably think of illegal, sordid activity, but that's not the whole picture. I don't recommend staying long, but these tips can help you explore the dark web using ...