Latest news

Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz
Malware

Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz

25 May 2026 dark6

The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026,...
Supply Chain Attack Backdoors 233 Laravel-Lang Package Versions Across 700 GitHub Repositories
Malware

Supply Chain Attack Backdoors 233 Laravel-Lang Package Versions Across 700 GitHub Repositories

25 May 2026 dark6

Attackers exploited GitHub's tagging system to inject credential-stealing PHP backdoors into 233 versions of Laravel-Lang packages, silently targeting developer cloud...
Ukrainian Intelligence Report: Russian APT Groups Intensify Cyber Operations — 5,927 Incidents, 37% Rise in 2025
Cybercrime

Ukrainian Intelligence Report: Russian APT Groups Intensify Cyber Operations — 5,927 Incidents, 37% Rise in 2025

23 May 2026 dark6

A new intelligence report from Ukraine's National Security and Defense Council reveals Russian state-sponsored threat groups dramatically escalated cyber operations...
GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen
Databreach

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen

20 May 2026 dark6

GitHub has confirmed unauthorized access to its internal repositories after a malicious Visual Studio Code extension compromised an employee device....
JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers
Malware

JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers

17 May 2026 dark6

Attackers compromised the official JDownloader website between May 6-7, 2026, replacing legitimate Windows and Linux installers with malicious versions containing...
TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale
Cybercrime

TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale

16 May 2026 dark6

A financially motivated threat group tracked as TeamPCP has executed at least seven waves of sophisticated supply chain attacks since...
84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials
Cybercrime

84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials

15 May 2026 dark6

Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...
Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants
Ransomware

Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants

14 May 2026 dark6

Foxconn has confirmed a ransomware attack on its North American factories after the Nitrogen gang claimed to have stolen 8TB...
DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer
Databreach

DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer

7 May 2026 dark6

A sophisticated threat actor breached DigiCert's internal support environment in early April 2026 by tricking analysts into executing a disguised...
Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor
Databreach

Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor

3 May 2026 dark6

Cybersecurity vendor Trellix has confirmed unauthorized access to part of its internal source code repository. The company says no evidence...
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
Malware

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack

28 April 2026 dark6

Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...
GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace
Malware

GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace

27 April 2026 dark6

Aikido Security has identified 73 new GlassWorm "sleeper" extensions on the Open VSX marketplace, marking a dangerous escalation in a...