MAL-2026-4898 Malicious code in @cloudplatform-single-spa/cnapp-ui (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4875 Malicious code in @car-loans/online-sign-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4917 Malicious code in @cloudplatform-single-spa/employees (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-5005 Malicious code in @debit-ib/mobile-debit-ib-additional-card-form (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4945 Malicious code in @cloudplatform-single-spa/ml-inference-docker-run (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-5002 Malicious code in @cloudplatform-single-spa/vpc-endpoint (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

Scammers pretending to be Microsoft had help from US executives

A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a scam, operated by people intent on siphoning money from your account. A court case...

US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows

As Americans stew over the looming risk of job-stealing AI and data centers in their back yards, the feds are raising the alarm about a new category of threat, documents obtained by WIRED show...

Malicious code in @pulse-web-platform-core/scripts-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c69fc52eb76aa05711ea0c128624eb1fc8c70655a58f2f3e646da1dcd20f254 On npm install, the package's preinstall.js performs an HTTP GET to http://$pkg.$scope.oob.moika.tech/poc.js and passes the response body directly to...

MAL-2026-4421 Malicious code in @pulse-web-platform-core/scripts-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c69fc52eb76aa05711ea0c128624eb1fc8c70655a58f2f3e646da1dcd20f254 On npm install, the package's preinstall.js performs an HTTP GET to http://$pkg.$scope.oob.moika.tech/poc.js and passes the response body directly to...

The EU Is Going Through a Trump-Fueled Breakup With Big Tech

France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit...

CVE-2026-24710

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS...

Texas sued Netflix over claims it secretly collected and sold users’ data

Attorney General AG of Texas Ken Paxton announced that he sued Netflix for spying on Texans, including children, and collecting users’ data without their knowledge or consent. The suit alleges Netflix secretly tracks and monetizes detailed viewing behavior of users, including children, while...

[SECURITY] Fedora 44 Update: pyp2spec-0.14.1-1.fc44

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

[SECURITY] Fedora 43 Update: pyp2spec-0.14.1-1.fc43

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

[SECURITY] Fedora 42 Update: pyp2spec-0.14.1-1.fc42

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

A week in security (April 20 – April 26)

Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba How cyberattacks on companies affect everyone Apple fixes iOS bug that kept deleted notifications, including chat previews Roblox clamps down on chats and age checks as legal pressure builds Malicious...

Critical: Red Hat Security Advisory: Red Hat Developer Hub 1.8.6 release.

Red Hat Developer Hub 1.8.6 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

EUVD-2025-209544

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...