Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
techtimes

Hotel Phishing Attack Uses Calendly to Bypass Email Authentication Filters

A phishing campaign that has been targeting hotels across Europe and Asia since April 2026 is exploiting a fundamental flaw in how enterprise email security works — routing malicious messages through ...
The Hacker News

Search results for ethereum | Breaking Cybersecurity News | The Hacker News

"EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and downloads its own Node.js runtime from nodejs.org," ...
The Hacker News

CloudFlare | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

Mr-xn/Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell ...