Security news.
Today's security landscape highlights a surge in supply chain attacks and sophisticated malware campaigns. Threat actors are leveraging novel techniques, including post-quantum encryption and legitimate APIs, while critical vulnerabilities in widely used software and industrial control systems demand immediate attention.
Self-Propagating Supply Chain Worm Hijacks npm Packages
A new supply chain worm, dubbed CanisterSprawl, is compromising npm packages to steal developer tokens and spread through compromised accounts.
Malicious KICS Docker Images and VS Code Extensions Target Checkmarx Supply Chain
Threat actors pushed malicious images to the official "checkmarx/kics" Docker Hub repository, overwriting existing tags and introducing new, unofficial releases.
Kyber Ransomware Gang Uses Post-Quantum Encryption
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum encryption.
Microsoft Patches Critical ASP.NET Core Privilege Escalation Bug
Microsoft released out-of-band updates for CVE-2026-40372, a critical (CVSS 9.1) privilege escalation vulnerability in ASP.NET Core.
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution
A critical vulnerability (CVE-2026-5752, CVSS 9.3) in the Python-based Terrarium sandbox allows arbitrary code execution with root privileges and container escape.
Harvester Deploys Linux GoGra Backdoor Using Microsoft Graph API
The Harvester threat actor is using a new Linux version of its GoGra backdoor, leveraging the legitimate Microsoft Graph API and Outlook mailboxes for covert C2 communications.
New Wiper Malware Targeted Venezuelan Energy Sector
Dubbed Lotus Wiper, this previously undocumented malware was used in destructive attacks against Venezuela's energy and utilities sector, targeting recovery mechanisms and overwriting drives.
Over 1,300 Microsoft SharePoint Servers Vulnerable to Spoofing
More than 1,300 Microsoft SharePoint servers remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being actively abused.