Application Security

Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Attackers hijacked a dormant npm contributor account and backdoored 144 Mastra AI packages, exposing 1.1 million weekly downloads to a RAT dropper payload.
Application Security
15 JetBrains Plugins Steal AI API Keys in Eight-Month Campaign
Fifteen malicious JetBrains Marketplace plugins stole OpenAI, DeepSeek, and SiliconFlow API keys from 70,000 IDE users across an eight-month campaign.
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Application Security
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Application Security
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.