IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer...

CVE-2026-2590

CVE-2026-2590 affects Devolutions Remote Desktop Manager up to version 2025.3.30. The issue is improper enforcement of the Disable password saving in vaults setting in the connection entry component, allowing an authenticated user to persist credentials in vault entries by creating or editing cer...