Latest news
Cybercrime
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
2 June 2026 dark6
A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing...
Cybercrime
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
1 June 2026 dark6
Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...
Malware
Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz
25 May 2026 dark6
The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026,...
Databreach
Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom
18 May 2026 dark6
A threat actor infiltrated Grafana Labs GitHub environment using a stolen privileged token to download the company private codebase. The...
Cybercrime
84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials
15 May 2026 dark6
Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...
Malware
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
28 April 2026 dark6
Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...