Skip to content
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior… 

Read More »npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Ravie LakshmananMay 23, 2026Malware / DevSecOps A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although… 

Read More »Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world… 

Read More »Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The… 

Read More »Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Spend only on this MS Office and Windows 11 Pro together — without subscriptions

Spend only $26 on this MS Office and Windows 11 Pro together — without subscriptions

TL;DR: Get lifetime access to Microsoft Office Professional Plus 2019 and Windows 11 Pro for just $25.99 (MSRP $428) and upgrade your PC with Word, Excel, PowerPoint, Outlook, and modern Windows productivity features without subscriptions. Trying to work… 

Read More »Spend only $26 on this MS Office and Windows 11 Pro together — without subscriptions
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an… 

Read More »LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on… 

Read More »Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV