Security news.
Today's security news highlights a significant focus on supply chain attacks and the evolving tactics of state-backed threat actors. Multiple reports detail compromises of developer tools and cloud services, alongside warnings about sophisticated espionage campaigns from China-linked groups.
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package containing a credential-stealing payload to npm.
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers compromised Docker images, as well as VSCode and Open VSX extensions, for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA added CVE-2026-39987, a Marimo Remote Code Execution Vulnerability, to its KEV Catalog based on evidence of active exploitation.
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
A Chinese APT group, GopherWhisper, is abusing legitimate cloud services like Microsoft Outlook, Slack, Discord, and file.io for command and control in espionage against Mongolian government entities.
UK warns of Chinese hackers using proxy networks to evade detection
The NCSC-UK and international partners issued a warning about China-nexus hackers increasingly using large-scale proxy networks of hijacked consumer devices to evade detection.
Trigona ransomware attacks use custom exfiltration tool to steal data
Recent Trigona ransomware campaigns are employing a custom, command-line tool for faster and more efficient data exfiltration from compromised environments.
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A new threat cluster, UNC6692, is using social engineering via Microsoft Teams, impersonating IT helpdesk staff to deploy custom malware on victim hosts.
Apple fixes bug that let the FBI recover deleted Signal messages
Apple released out-of-band security updates for iOS/iPadOS (CVE-2026-28950) to fix a Notification Services flaw that could retain notifications marked for deletion on the device.