Category of intelligence

Vulnerabilities

News about security failures, exploits and vulnerabilities in systems

Stories published: 742 Showing up 9 articles per page

Mini Shai-Hulud: the campaign that exposes the fragility of the open source supply chain in npm, PyPI and GitHub Actions

Vulnerabilities

May 12, 2026 4 min de lectura 45

Mini Shai-Hulud: the campaign that exposes the fragility of the open source supply chain in npm, PyPI and GitHub Actions

The campaign known as Mini Shai-Hulud, attributed to actor TeamPCP, again highlights the fragility of the open source supply chain: legitimate packages in npm and PyPI used by pro…

Canvas in crisis: XSS, extortion and systemic risk for 30 million students

Vulnerabilities

May 12, 2026 4 min de lectura 50

Canvas in crisis: XSS, extortion and systemic risk for 30 million students

Instructure, the company behind the popular Canvas learning management system, confirmed that it reached a "deal" with the ShinyHunters extortion group following a cyber attack th…

I pay extortionators after the attack on Canvas unleash an ethical dilemma and alert to the educational ecosystem

Vulnerabilities

May 12, 2026 4 min de lectura 39

I pay extortionators after the attack on Canvas unleash an ethical dilemma and alert to the educational ecosystem

The American company Instructure, owner of the Canvas educational platform, has confirmed an agreement with a decentralized extortion group following unauthorized access that affe…

RCS with end-to-end encryption between iPhone and Android a promise of privacy with limits

Vulnerabilities

May 12, 2026 3 min de lectura 37

RCS with end-to-end encryption between iPhone and Android a promise of privacy with limits

RCS is based on the so-called RCS Universal Profile, a specification promoted by the industry to standardize the capabilities between operators and manufacturers. Coordination bet…

California Brings GM Telemetry with an Agreement of 12.75 Million for the Sale of Driver Data

Vulnerabilities

May 12, 2026 4 min de lectura 41

California Brings GM Telemetry with an Agreement of 12.75 Million for the Sale of Driver Data

The California Attorney General's Office reached an agreement on $12.75 million with General Motors that marks a turning point in the regulation of vehicle telemetry: state author…

When a Jenkins plugin becomes a back door, the Checkmark case exposes credentials and supply chain security

Vulnerabilities

May 11, 2026 4 min de lectura 50

When a Jenkins plugin becomes a back door, the Checkmark case exposes credentials and supply chain security

During the weekend Checkmarx confirmed that a malicious version of his Jenkins plugin for Application Security Testing (AST) was published in the Jenkins Market, in addition to a …

Security Alert: TeamPCP manipulates a Jenkins plugin to steal credentials and compromise the supply chain

Vulnerabilities

May 11, 2026 4 min de lectura 43

Security Alert: TeamPCP manipulates a Jenkins plugin to steal credentials and compromise the supply chain

The publication of a manipulated version of the Jenkins AST plugin associated with Checkmark once again puts on the table the most dangerous threat of the moment: the abuse of con…

Global Alert: Mr _ Rot13 exploits CVE-2026-41940 in cPanel / WHM to infiltrate backdoors and steal multiplatform credentials

Vulnerabilities

May 11, 2026 4 min de lectura 40

Global Alert: Mr _ Rot13 exploits CVE-2026-41940 in cPanel / WHM to infiltrate backdoors and steal multiplatform credentials

A new threat actor that researchers have baptized as Mr _ Rot13 is exploiting critical vulnerability in cPanel / WHM, identified as CVE-2026-41940, to achieve an authentication by…

The IA creates a zero day that accelerates exploitation and challenges defenses

Vulnerabilities

May 11, 2026 4 min de lectura 37

The IA creates a zero day that accelerates exploitation and challenges defenses

Google has revealed a worrying case that marks a turning point: researchers from its threat intelligence team (GTIG) identified a campaign in which an unknown actor exploited a ze…

Explore RadarBytes

Vulnerabilities

Mini Shai-Hulud: the campaign that exposes the fragility of the open source supply chain in npm, PyPI and GitHub Actions

Canvas in crisis: XSS, extortion and systemic risk for 30 million students

I pay extortionators after the attack on Canvas unleash an ethical dilemma and alert to the educational ecosystem

RCS with end-to-end encryption between iPhone and Android a promise of privacy with limits

California Brings GM Telemetry with an Agreement of 12.75 Million for the Sale of Driver Data

When a Jenkins plugin becomes a back door, the Checkmark case exposes credentials and supply chain security

Security Alert: TeamPCP manipulates a Jenkins plugin to steal credentials and compromise the supply chain

Global Alert: Mr _ Rot13 exploits CVE-2026-41940 in cPanel / WHM to infiltrate backdoors and steal multiplatform credentials

The IA creates a zero day that accelerates exploitation and challenges defenses

Disable your ad blocker

Vulnerabilities

Manage your cookies