Endpoint Security

Cybersecurity
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
ArcticWolf exposed a campaign using 300 fake GitHub repos to deliver BoryptGrab, an infostealer that bypasses Chrome App-Bound Encryption via code injection.
Application Security
AsyncAPI npm Packages Backdoored to Deploy Miasma Botnet Loader
Four official AsyncAPI npm packages were compromised to deliver Miasma, a botnet loader using six C2 channels including Ethereum smart contracts and IPFS.
Cybersecurity
RedHook Android RAT Gains Shell Access via Wireless ADB Loopback
Group-IB analyzed a new RedHook Android RAT variant that gains shell-level access by turning the device into its own ADB client via loopback, without rooting.
Application Security
Compromised jscrambler npm Package Drops Rust Infostealer on Devs
An attacker compromised jscrambler's npm credentials and published five malicious versions dropping a Rust infostealer targeting cloud and AI credentials.
CVE Vulnerability Alerts
Binarly Finds Six U-Boot CVEs That Break Secure Boot on 50+ Firmware
Binarly disclosed six flaws in U-Boot's FIT signature verification subsystem, including two RCEs that bypass Secure Boot across more than 50 firmware releases.
CVE Vulnerability Alerts
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.
Cybersecurity
SCMBANKER Targets Mexican Banking With AI-Written PowerShell
Elastic Security Labs found REF6045 deploying SCMBANKER, an AI-written PowerShell toolkit that lets operators control Mexican banking sessions live and hijack transfers.
Application Security
Friendly Fire PoC Turns Claude Code and Codex Into Malware Launchers
AI Now Institute's Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded with strings from a legitimate ...
Cybersecurity
Microsoft Discloses GigaWiper: Disk Wiper Hidden Behind Fake Ransom
Microsoft disclosed GigaWiper, a Windows backdoor combining a real disk wiper, fake ransomware encryption, and multi-pass file overwriting in a single payload.
Cybersecurity
GodDamn Ransomware Uses PoisonX Driver to Kill EDR Before Encrypting
Symantec identified GodDamn ransomware using a kernel driver named PoisonX via the BYOVD technique to kill security software before file encryption begins.