Skip to content

Bitwarden NPM Package Hit in Supply Chain Attack

Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek.

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

The Israel-based company, which just emerged from stealth mode, was founded by cloud and security experts from RSA, McAfee, and Unity. The post Copperhelm Raises $7 Million for Agentic Cloud Security Platform appeared first on SecurityWeek.

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could beRead More »LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept aRead More »UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Cloudsmith Raises $72 Million in Series C Funding

The company will use the investment to accelerate product development and grow go-to-market efforts. The post Cloudsmith Raises $72 Million in Series C Funding appeared first on SecurityWeek.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket. “The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the applicationRead More »Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systemsRead More »ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Copyright © 2026 infosecintel.net