Latest news
Cybercrime
84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials
15 May 2026 dark6
Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...
Privacy
Microsoft Edge Stores Your Entire Password Vault in Cleartext Process Memory — Every Session
5 May 2026 dark6
Security researcher @L1v1ng0ffTh3L4N has revealed that Microsoft Edge decrypts all stored passwords into plaintext process memory at browser launch and...
Phishing
AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts
4 May 2026 dark6
A sophisticated phishing operation called AccountDumpling has compromised around 30,000 Facebook accounts by routing lures through legitimate platforms including Google...
Phishing
CORDIAL SPIDER and SNARKY SPIDER Deploy AiTM Pages to Breach SharePoint, HubSpot, and Google Workspace
2 May 2026 dark6
Two threat groups are deploying adversary-in-the-middle phishing pages combined with voice phishing to bypass MFA and hijack enterprise SaaS sessions....
Malware
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
28 April 2026 dark6
Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...
Malware
Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets
23 April 2026 dark6
Attackers overwrote official Checkmarx KICS tags on Docker Hub and weaponized its VS Code extensions to deploy a credential stealer...