Latest news
Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers
26 June 2026 dark6
Klue Supply Chain Hack Exposes Salesforce Data at Nine Cybersecurity Companies
23 June 2026 dark6
Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets
18 June 2026 dark6
OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors
12 June 2026 dark6
Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
11 June 2026 dark6
Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens — No Patch Coming
8 June 2026 dark6
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
2 June 2026 dark6
Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
2 June 2026 dark6
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
1 June 2026 dark6
Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
29 May 2026 dark6
Grafana GitHub Breach: TanStack npm Supply Chain Attack Leads to Source Code Theft and Ransom Demand
27 May 2026 dark6
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
27 May 2026 dark6