Search: custom automations

ShapedPlugin update flow hacked to infect WordPress sites

…According to data WordPress security company Defiant collected from its WordFence firewall, the backdoor was injected into ShapedPlugin's Pro builds on May 21, and the first customer reports about potentially malicious…

Jun 18, 2026 · Bill Toulas

DAEMON Tools devs confirm breach, release malware-free version

…06, 14:09 EDT : Added Disc Soft statement. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one…

May 6, 2026 · Sergiu Gatlan

OpenAI confirms security breach in TanStack supply chain attack

…In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, or deployed software. The company says the breach is linked to the…

May 14, 2026 · Lawrence Abrams

GitHub links repo breach to TanStack npm supply-chain attack

…Wakes added that GitHub has since secured the compromised device and has yet to find evidence that customer data stored outside the affected repos has been stolen. "We rotated critical secrets Monday…

May 21, 2026 · Sergiu Gatlan

VS Code zero-day lets hackers steal GitHub tokens in one click

…our customers." BleepingComputer reached out to Microsoft for a comment on the VS Code zero-day flaw disclosed by Askar, but a response was not immediately available. The Validation Gap: Automated Pentesting…

Jun 3, 2026 · Sergiu Gatlan

Canvas login portals hacked in mass ShinyHunters extortion campaign

…The extortion gang commonly breaches third-party integration companies and uses stolen authentication tokens to access connected SaaS environments and steal customer data. The threat actors are also known for conducting voice…

May 7, 2026 · Lawrence Abrams

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

…committed to investigating reported security issues and protecting customers through updates. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built…

May 17, 2026 · Lawrence Abrams

Chinese hackers hijack auth flow, spy on isolated network for a decade

…Next, Velvet Ant installed a custom SOCKS5 proxy for network traffic tunneling, enabling it to reach internal systems that are not directly accessible from the internet. The proxy ran as a daemon…

Jun 13, 2026 · Bill Toulas

Microsoft patches Exchange Server zero-day exploited in attacks

…We recommend that customers keep the mitigation described in place. The mitigation provides an additional layer of defense and helps ensure continuous protection as further improvements are released." The Cybersecurity and Infrastructure…

Jun 10, 2026 · Sergiu Gatlan

Gentlemen ransomware uses multiple EDR killers to disable defenses

…The gang is using a suite of EDR killers, the most frequently used being a custom tool that researchers named GentleKiller, which has at least eight variants impersonating various legitimate products. An…