The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

These Republicans weigh run for mayor with 2023 'bloodbath' in mind

Jerry Holland's decision to run for elections supervisor rather than mayor leaves three Republicans considering challenge to ...

Who did the Buffalo Bills draft? 2026 picks, trades, grades, analysis

The Buffalo Bills entered the 2026 NFL Draft with limited early capital. That has changed. Buffalo began Thursday night with ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...

Thousands of companies file claims as U.S. tariff refund system launches

Learning Resources, one of the plaintiffs in the lawsuit that led to the tariffs’ undoing, is seeking some US$10-million in ...
The Caledonian-Record

ESET Research discovers new China-aligned group, GopherWhisper: It abuses messaging services ...

ESET Research has uncovered a new China-aligned APT group, which has been named GopherWhisper, that targets governmental institutions in Mongolia.GopherWhisper leverages Discord, Slack, Microsoft 365 ...
Cult of Mac

Make your iPhone completely hacker-proof — with a huge downside

But if you feel you absolutely must use it, or are just curious, enabling Lockdown Mode on your iPhone is easy. Open the ...