Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

/in

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.
The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution

The Hacker News – ​Read More

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

/in

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative.
To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.

The Hacker News – ​Read More

Microsoft PowerToys now lets you control your monitor from the taskbar – here’s how

/in

Instead of pressing buttons on your monitor or hunting through your Windows settings, here’s how you can now adjust your display directly from the system tray – plus other new PowerToys perks.

Latest news – ​Read More

Best Buy is selling this 4TB WD Black SSD for 65% off right now – and I’m seriously tempted

/in

The cost of SSDs, RAM, and other PC components has skyrocketed, but Best Buy is offering an impressive 65% discount on the 4TB WD Black SN850X.

Latest news – ​Read More

Tech Can’t Stop These Threats — Your People Can

/in

Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.

darkreading – ​Read More

Microsoft is boosting the launch time of key Windows apps and features – here’s how

/in

Currently in early testing mode, the new Low Latency Profile will boost the speed of Windows 11 apps, menus, flyouts, and more.

Latest news – ​Read More

FCC Softens Ban on Foreign-Made Routers

/in

The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.

darkreading – ​Read More

Google Says Hackers Used AI to Develop a Zero-Day Exploit

/in

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

/in

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace.
“If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the weekend.
As of writing, Checkmarx has released

The Hacker News – ​Read More

Can hackers break encrypted USB drives? I tried to find out

/in

The Kingston IronKey Locker+50 G2 offers a high level of data security and several unique features to deter hackers.

Latest news – ​Read More