Latest news

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen
Databreach

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen

20 May 2026 dark6

GitHub has confirmed unauthorized access to its internal repositories after a malicious Visual Studio Code extension compromised an employee device....
Read more 0
JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers
Malware

JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers

17 May 2026 dark6

Attackers compromised the official JDownloader website between May 6-7, 2026, replacing legitimate Windows and Linux installers with malicious versions containing...
Read more 0
TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale
Cybercrime

TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale

16 May 2026 dark6

A financially motivated threat group tracked as TeamPCP has executed at least seven waves of sophisticated supply chain attacks since...
Read more 0
84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials
Cybercrime

84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials

15 May 2026 dark6

Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...
Read more 0
Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants
Ransomware

Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants

14 May 2026 dark6

Foxconn has confirmed a ransomware attack on its North American factories after the Nitrogen gang claimed to have stolen 8TB...
Read more 0
DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer
Databreach

DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer

7 May 2026 dark6

A sophisticated threat actor breached DigiCert's internal support environment in early April 2026 by tricking analysts into executing a disguised...
Read more 0
Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor
Databreach

Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor

3 May 2026 dark6

Cybersecurity vendor Trellix has confirmed unauthorized access to part of its internal source code repository. The company says no evidence...
Read more 0
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
Malware

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack

28 April 2026 dark6

Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...
Read more 0
GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace
Malware

GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace

27 April 2026 dark6

Aikido Security has identified 73 new GlassWorm "sleeper" extensions on the Open VSX marketplace, marking a dangerous escalation in a...
Read more 0
Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend
Malware

Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend

24 April 2026 dark6

JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network...
Read more 0
Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets
Malware

Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets

23 April 2026 dark6

Attackers overwrote official Checkmarx KICS tags on Docker Hub and weaponized its VS Code extensions to deploy a credential stealer...
Read more 0
Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility
Databreach

Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility

23 April 2026 dark6

Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set...
Read more 0