
Security & IT News

Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.

Vulnerability · The Hacker News · 68d ago
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of

Vulnerability · The Hacker News · 69d ago
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,

🩹 Patch · SANS ISC · 69d ago
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)

This is the first update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.

Checkmarx ast-github-action: All 91 Tags Were Compromised, Not Just v2.3.28

The most significant new finding since the report's publication: the scope of the Checkmarx ast-github-action compromise was substantially larger than publicly reported. Checkmarx's official security advisory stated that "all older versions have been permanently deleted" but did not quantify how many tags were affected. This ambiguity allowed the security community to anchor on a single confirmed version (v2.3.28) as the extent of the compromise. Sysdig's analysis characterized it as "Checkmarx/ast-github-action/2.3.28: (possibly more)". Even Wiz, which assessed that it is likely all tags were impacted, only observed the single tag directly.

An independent security researcher who was working this incident firsthand at a Checkmarx customer has now provided primary evidence that all 91 published tags were overwritten, every version from v0.1-alpha through v2.3.32. The evidence is publicly visible in the GitHub activity log, which shows 91 tag deletions performed during Checkmarx's remediation between 19:09 and 19:16 UTC on March 23, 2026. Three of the malicious commits are still visible on GitHub: f1d2a3477e0d, f58de2470825, aa52a82cddf2.

Each malicious commit follows an identical pattern: the legitimate Docker-based action.yml was replaced with a composite action that executes a credential-stealing setup.sh before delegating to the legitimate Checkmarx action at pinned SHA 327efb5d. Each commit was individually crafted with a version-appropriate backdated timestamp and fake commit message (e.g., 2.0.30: PR # ). The attacker did not reuse a single malicious commit across multiple tags; they created individual poisoned commits for individual versions.

The impact of this under-reporting is material. Organizations that searched their CI/CD logs only for [email protected] would have missed compromised runs referencing any of the other 90 poisoned tags. The credential stealer executed regardless of which tag version was referenced.

Recommended action: Search your CI/CD workflow logs for ANY reference to checkmarx/ast-github-action that executed between 12:58 and 19:16 UTC on March 23, 2026. If found, treat all secrets accessible to that workflow as compromised and rotate immediately. The only safe version is v2.3.33, released during remediation.

For comparison, the companion kics-github-action received accurate "all 35 tags" reporting from the outset, largely because GitHub Issue #152 was filed publicly with the title "Malware injected in all Git Tags." No equivalent public issue was filed for ast-github-action.

CISA Adds CVE-2026-33634 to Known Exploited Vuln