Threat Intel Feed
·|
PyPI Fixes High-Severity Access Control Issues Found in Security Audit
Socket.devIncident start — not yet confirmed
Published May 1, 2026, 09:05 PM GMT+0First seen May 2, 2026, 04:15 AM GMT+0
Copy.Fail: Universal Linux Local Privilege Escalation Vulnerability
Wiz BlogIncident start — not yet confirmed
Published May 1, 2026, 12:38 PM GMT+0First seen May 1, 2026, 01:00 PM GMT+0
Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise
Socket.devIncident start — not yet confirmed
Published Apr 30, 2026, 09:31 PM GMT+0First seen Apr 30, 2026, 10:15 PM GMT+0
Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack
Socket.devIncident start — not yet confirmed
Published Apr 30, 2026, 03:42 PM GMT+0First seen Apr 30, 2026, 05:15 PM GMT+0
lightning PyPI Package Compromised in Supply Chain Attack
Socket.devIncident start — not yet confirmed
Published Apr 30, 2026, 01:36 PM GMT+0First seen Apr 30, 2026, 02:15 PM GMT+0
Official SAP npm packages compromised to steal credentials
Bleeping ComputerIncident start — not yet confirmed
Published Apr 29, 2026, 10:43 PM GMT+0First seen Apr 29, 2026, 10:45 PM GMT+0
Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables
Socket.devIncident start — not yet confirmed
Published Apr 29, 2026, 07:54 PM GMT+0First seen Apr 29, 2026, 09:15 PM GMT+0
A Mini Shai-Hulud has Appeared: Obfuscated Bun Runtime Payloads Hit SAP-Related npm Packages
StepSecurityIncident start — not yet confirmed
Published Apr 29, 2026, 12:13 PM GMT+0First seen Apr 29, 2026, 12:15 PM GMT+0
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Bleeping ComputerIncident start — not yet confirmed
Published Apr 28, 2026, 09:07 PM GMT+0First seen Apr 28, 2026, 09:15 PM GMT+0
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
The Hacker NewsIncident start — not yet confirmed
Published Apr 28, 2026, 06:19 PM GMT+0First seen Apr 28, 2026, 07:15 PM GMT+0
elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection
StepSecurityIncident start — not yet confirmed
Published Apr 25, 2026, 08:55 AM GMT+0First seen Apr 25, 2026, 09:00 AM GMT+0
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Socket.devIncident start — not yet confirmed
Published Apr 23, 2026, 01:07 PM GMT+0First seen Apr 23, 2026, 02:00 PM GMT+0
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions
Socket.devIncident start — not yet confirmed
Published Apr 22, 2026, 04:00 PM GMT+0First seen Apr 22, 2026, 04:45 PM GMT+0
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Socket.devIncident start — not yet confirmed
Published Apr 22, 2026, 12:18 AM GMT+0First seen Apr 22, 2026, 01:15 AM GMT+0