The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

These Republicans weigh run for mayor with 2023 'bloodbath' in mind

Jerry Holland's decision to run for elections supervisor rather than mayor leaves three Republicans considering challenge to ...

Who did the Buffalo Bills draft? 2026 picks, trades, grades, analysis

The Buffalo Bills entered the 2026 NFL Draft with limited early capital. That has changed. Buffalo began Thursday night with ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
IFA Magazine

Wi-Fi frustration is becoming a familiar part of work-from-home life, with 79% of Brits experiencing issues at least once a month

For the five million people working exclusively from home, those dropouts, frozen calls, and sluggish downloads can quickly ...
The Caledonian-Record

ESET Research discovers new China-aligned group, GopherWhisper: It abuses messaging services ...

ESET Research has uncovered a new China-aligned APT group, which has been named GopherWhisper, that targets governmental institutions in Mongolia.GopherWhisper leverages Discord, Slack, Microsoft 365 ...

Thousands of companies file claims as U.S. tariff refund system launches

Learning Resources, one of the plaintiffs in the lawsuit that led to the tariffs’ undoing, is seeking some US$10-million in ...