Checkmarx Jenkins AST plugin compromised in TeamPCP supply chain attack

Checkmarx has confirmed that a modified version of its Jenkins AST plugin was published to the Jenkins Marketplace, extending a wider supply chain incident that…

Magecart attackers abuse Google Tag Manager to hide credit card skimmers

Magecart-style attackers are abusing Google Tag Manager to inject credit card skimmers into ecommerce websites, making malicious payment theft scripts harder for site owners and…

PHP patches SOAP extension flaw that can lead to remote code execution

PHP maintainers have fixed a serious SOAP extension vulnerability that can let remote attackers execute code on vulnerable servers in some configurations. The flaw is…

Claude Chrome extension flaw lets malicious add-ons hijack AI actions

A flaw in Anthropic’s Claude in Chrome extension can let a malicious Chrome extension hijack Claude’s browser agent and push it into accessing sensitive data…

A compromised version of the Mistral AI Python SDK was published to PyPI with malicious code that ran when developers imported the package on Linux…

Fake TronLink Chrome extension steals crypto wallet credentials from users

A malicious Chrome extension impersonating TronLink has been used to steal crypto wallet credentials from TRON users. Security researchers at SlowMist found that the extension…

Critical Cline AI agent flaw lets websites hijack local developer sessions

A critical vulnerability in Cline’s Kanban server can let a malicious website connect to a developer’s local AI agent session, steal workspace data, inject terminal…

North Korean hackers use Git hooks to deliver cross-platform malware

North Korean threat actors are using malicious Git hooks to target software developers through fake job interviews and coding assessments. The campaign is linked to…

Hackers use hijacked Microsoft Teams accounts to deliver ModeloRAT malware

Hackers are abusing Microsoft Teams accounts to impersonate IT support staff and push ModeloRAT malware into corporate environments. The campaign uses a familiar workplace trust…

SAP patches critical S/4HANA SQL injection flaw in May 2026 update

SAP has released its May 2026 Security Patch Day updates, fixing a critical SQL injection vulnerability in SAP S/4HANA and another critical flaw in SAP…