HackenPost blogs - HACKENPOST FOR YOU

Data Breaches

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving…

May 23, 2026

Data Breaches

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to…

May 23, 2026

Data Breaches

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…

May 23, 2026

Data Breaches

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging…

May 23, 2026

Data Breaches

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The…

May 23, 2026

Data Breaches

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal…

May 23, 2026

Data Breaches

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service…

May 22, 2026

Data Breaches

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to…

May 22, 2026

Data Breaches

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits…

May 22, 2026

Data Breaches

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend…

May 22, 2026

Hand-Picked Top-Read Stories

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Trending Tags

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor