Security news.
Today's security landscape is marked by active exploitation of critical vulnerabilities, a surge in supply chain attacks targeting developer environments, and significant law enforcement action against cybercrime. Several high-profile breaches and zero-day exploits underscore the persistent threat to both enterprise and individual users.
Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign
The recently leaked Shai-Hulud malware is now being actively used in new attacks targeting the Node Package Manager (npm) index, with infected packages emerging over the weekend.
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation
A security researcher has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day, codenamed MiniPlasma, which grants SYSTEM privileges on fully patched Windows systems by exploiting a flaw in "cldflt.sys."
Exploitation of Critical NGINX Vulnerability Begins
A critical heap buffer overflow vulnerability in NGINX (CVE-2026-42945), affecting versions 0.6.27 through 1.30.0, is now being actively exploited in the wild, leading to denial-of-service and potential remote code execution.
Exploit Available for New DirtyDecrypt Linux Root Escalation Flaw
A proof-of-concept exploit has been released for a recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module, allowing attackers to gain root access on some Linux systems.
Grafana Says Stolen GitHub Token Let Hackers Steal Codebase
Grafana Labs disclosed that hackers downloaded its source code after breaching its GitHub environment using a stolen access token, though no customer data or systems were impacted.
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL coordinated a major cybercrime crackdown across the Middle East and North Africa, resulting in 201 arrests and the identification of 382 additional suspects involved in malicious activities.
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed to have stolen over 600,000 Salesforce records, including personal and corporate data.
Millions Impacted Across Several US Healthcare Data Breaches
Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS tracker, highlighting ongoing vulnerabilities in the sector.