Hacking
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 11.6.26 | NPM Ignore Scripts Best | NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages | HACKING | HACKING |
| 6.6.26 | TanStack Supply Chain Attack | On 11 May 2026, the threat actor group TeamPCP compromised 42 TanStack npm packages by chaining three GitHub Actions vulnerabilities to hijack the project's legitimate CI/CD pipeline. The attackers then published 84 malicious package versions carrying valid SLSA Build Level 3 provenance attestations, making them indistinguishable from legitimate releases by standard verification methods. | HACKING | HACKING |
| 3.6.26 | FlagLeft | FlagLeft: We Found A Forgotten Flag That Turned Microsoft 365 Apps Into a Silent Account Takeover Pipeline for Billions of Users | HACKING | HACKING |
| 3.6.26 | 1-Click GitHub Token Stealing via a VSCode Bug | Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones. | HACKING | HACKING |
| 31.5.26 | LLMShare | LLMShare: how attackers are turning AI chatbot pages into malware delivery platforms | HACKING | AI |
| 30.5.26 | SymJack | SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents | HACKING | AI |
| 30.5.26 | TrustFall | TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot | HACKING | AI |
| 20.5.26 | Trapdoor funnels malvertising into ad fraud | HUMAN’s Satori Threat Intelligence and Research Team has identified and disrupted an ad fraud and malvertising operation dubbed Trapdoor. The operation encompasses 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains that together form a multi-stage fraud pipeline. | HACKING | HACKING |
| 9.5.26 | CallPhantom tricks | Fake call logs, real payments: How CallPhantom tricks Android users | HACKING | HACKING |
| 25.4.26 | PhantomRPC | PhantomRPC: A new privilege escalation technique in Windows RPC | HACKING | HACKING |
| 24.4.26 | AdaptixC2 | AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks | HACKING | TOOLS |
| 23.4.26 | Checkmarx KICS images | Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions | HACKING | HACKING |
| 8.4.26 | Python-Based Backdoor and Changes in Distribution Techniques | Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) | HACKING | MALWARE |
| 8.4.26 | Handala | Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment | HACKING | MALWARE |
| 8.4.26 | Qilin EDR killer infection chain | Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. | HACKING | RANSOMWARE |
| 8.4.26 | DPRK Malware Modularity | DPRK Malware Modularity: Diversity and Functional Specialization | HACKING | MALWARE |
| 5.4.26 | RoadK1ll | RoadK1ll: A WebSocket Based Pivoting Implant | HACKING | HACKING |
| 5.4.26 | Cookie-controlled PHP webshells | Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | HACKING | HACKING |
| 26.3.26 | Poisoned Typeface | Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares | AI | |
| 26.3.26 | WebRTC skimmer bypasses | Sansec discovered a payment skimmer that uses WebRTC DataChannels to receive its payload and exfiltrate stolen data, bypassing CSP and HTTP-based security tools. | HACKING | HACKING |
| 26.3.26 | ShadowPrompt | ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension | HACKING | AI |
| 25.3.26 | Microsoft 365 Token Attack Infrastructure | Riding the Rails: Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure | HACKING | HACKING |
| 25.3.26 | From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill | TOOL | | |
| 25.3.26 | A compromised release steals credentials and spreads to Kubernetes clusters. First reported to PyPI by FutureSearch. | | | |
| 20.3.26 | The technology behind EDR killers | ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers | HACKING | EDR |
| 16.3.26 | Evil evolution | Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers | HACKING | HACKING |
| 10.3.26 | GhostClaw | GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything | HACKING | MALWARE |
| 9.3.26 | Pixel Perfect | Pixel Perfect: Sold Extension Injects Code Through Pixel | HACKING | HACKING |
| 1.3.26 | Log Poisoning in OpenClaw | It is important to be clear here: this is not a traditional remote code execution vulnerability. Instead, it's an indirect prompt injection risk, where exploitation depends on context. | HACKING | AI |
| 20.2.26 | AgreeToSteal | AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials | HACKING | HACKING |
| 11.2.26 | LABYRINTH CHOLLIMA | LABYRINTH CHOLLIMA Evolves into Three Adversaries | HACKING | CLUSTER |
| 9.2.26 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | HACKING | CLUSTER |
| 9.2.26 | Vortex Werewolf (SkyCloak) | A new cluster is distributing malware via phishing. We demonstrate how the attack works through fake pages simulating file downloads from Telegram. | HACKING | CLUSTER |
| 6.2.26 | DKnife | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | HACKING | HACKING |
| 18.1.26 | WhisperPair | Hijacking Bluetooth Accessories Using Google Fast Pair | HACKING | Bluetooth |
| 16.1.26 | Reprompt | Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data | HACKING | AI |
| 7.1.26 | Prompt poaching | Prompt poaching runs rampant in extensions | HACKING | AI |
| 3.1.26 | MongoDB Unauthenticated Attacker Sensitive Memory Leak | The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. | HACKING | HACKING |