Identity and Access Management

Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.
Cybersecurity
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault secrets and M365 data.
Application Security
GitHub Actions Supply Chain Attack Hijacks actions-cool Tags
Attackers hijacked two actions-cool GitHub Actions workflows via imposter commits, stealing CI/CD credentials from all pipelines that ran them by version tag.
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Tycoon2FA's latest update adds device-code phishing that hands attackers a valid Microsoft 365 OAuth token without requiring the victim's password or MFA code.
Cybersecurity
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
Iran-linked MuddyWater targeted nine organizations globally in 2026, including a South Korean electronics firm, using legitimate vendor DLLs for sideloading.
Application Security
Google GTIG Documents First AI-Generated Zero-Day Exploit
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.
Application Security
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
Cybersecurity
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
Cybersecurity
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Researchers disclosed PamDOORa, a commercial Linux backdoor sold on the Russian Rehub forum that exploits the PAM authentication framework to install covert SSH access and ...
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...