Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Bleeping Computer

Ivanti warns of new EPMM flaw exploited in zero-day attacks

Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
The New York Times

Attacks on Jewish Targets in Europe Suggest Hybrid Warfare

Officials are investigating similar attacks across Europe, all claimed by a shadowy Islamist group that may be using low-cost, unsophisticated methods to sow fear in Jewish communities. By Megan ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Cybersecurity vendor Trellix published a terse statement last Friday, disclosing that a threat actor recently gained unauthorized access to "a portion of our source code repository." Trellix did not ...
CNN

Highway bombing in Colombia kills at least 14 amid a ‘wave’ of attacks

At least 14 people were killed and at least 38 wounded, including five children, after a bomb tore apart a busy road in southwestern Colombia, according to local ...
The New York Times

What to Know About the Stabbing Attack Against 2 Jewish Men in London

The British police said the attack on Wednesday was being treated as terrorism, and they warned of rising antisemitic hate crimes. By Megan Specia Reporting from London A knife attack against two ...
The Conversation

Latest attack threatening President Trump reflects rising political violence in US

For the third time in three years, Donald Trump has come under threat by an attacker. Many facts remain unclear after a gunman stormed the Washington Hilton on April 25, 2026, during the White House ...
NPR

Mali reeling after coordinated attacks hit multiple cities

LAGOS, Nigeria—In Mali, West Africa, armed groups including Islamist militants launched one of the largest coordinated attacks seen in recent years, targeting multiple cities across the country early ...
VentureBeat

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code ...
CNN

A new attack on the rituals that define US democracy

The gunman who allegedly aimed to target President Donald Trump’s Cabinet at an annual dinner celebrating free speech crystallized widening political violence that imperils such fundamental rights.