Cryptika

OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack

May 15, 2026 Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched a campaign dubbed “Mini Shai-Hulud” a coordinated supply chain offensive orchestrated by the TeamPCP extortion gang. The attackers injected malicious code into TanStack, a widely used open-source JavaScript library, by abusing weaknesses in the project’s GitHub Actions workflows and CI/CD configuration....

OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack | Cryptika Cybersecurity OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 15, 2026 Spread the love May 15, 2026 Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanS...

Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access

May 15, 2026 A maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild, allowing unauthenticated remote attackers to fully bypass authentication and seize administrative control of enterprise network infrastructure. Tracked as CVE-2026-20182 with a CVSS score of 10.0, the flaw puts SD-WAN deployments across on-premises, cloud, and government environments at critical risk. Cisco Catalyst SD-WAN Controller 0-Day…...

Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access | Cryptika Cybersecurity Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 15, 2026 Spread the love May 15, 2026 A maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller is being actively...

Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets

May 14, 2026 A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead, Sandworm walks through doors that were already left open, turning unresolved vulnerabilities into launchpads for attacks on industrial control systems....

Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets | Cryptika Cybersecurity Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated piv...

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

May 14, 2026 A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February 2026 and stands as one of the most detailed Chinese APT intrusions targeting energy infrastructure in the South Caucasus ever documented....

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network | Cryptika Cybersecurity Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaij...

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass

May 14, 2026 A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how threat actors are quietly repurposing publicly available offensive tools to carry out targeted intrusions with far less effort than before....

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass | Cryptika Cybersecurity New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A newly uncovered malware framework is raising serious alarms across the cybersecurity c...

Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security

May 14, 2026 Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI model to uncover two previously undocumented vulnerabilities in Apple’s macOS. The bugs were chained together into a privilege escalation exploit capable of bypassing Apple’s state-of-the-art memory integrity enforcement, granting unauthorized access to parts of the system that are supposed to be completely off-limits....

Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security | Cryptika Cybersecurity Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used...

Hackers Compromise 170 npm Packages to Steal GitHub, npm, AWS, and Kubernetes Secrets

May 14, 2026 A sprawling supply chain attack has put software developers worldwide on high alert after hackers compromised more than 170 npm packages and two PyPI packages in a coordinated credential theft campaign. The infected packages are collectively downloaded over 200 million times per week, making the potential blast radius enormous. The threat group behind the campaign, tracked as TeamPCP, injected malicious loaders and obfuscated JavaScript payloads into widely used developer packages....

Hackers Compromise 170 npm Packages to Steal GitHub, npm, AWS, and Kubernetes Secrets | Cryptika Cybersecurity Hackers Compromise 170 npm Packages to Steal GitHub, npm, AWS, and Kubernetes Secrets In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A sprawling supply chain attack has put software developers worldwide on high alert afte...

Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions

May 14, 2026 Imagine locking your organization’s sensitive data behind a heavy vault door, only to realize the locking mechanism is entirely missing. Security researchers at Fog Security recently uncovered a severe authorization bypass in Amazon Quick’s AI Chat Agents. This vulnerability allowed blocked users to interact freely with enterprise AI tools, despite explicit administrative restrictions. Compounding the issue, AWS silently patched the flaw without notifying customers or issuing a public advisory, categorizing the risk severity as “none.”...

Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions | Cryptika Cybersecurity Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 Imagine locking your organization’s sensitive data behind a heavy vault door, only to realize...

New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code

May 14, 2026 A critical vulnerability in the widely used Exim mail server allows unauthenticated attackers to execute arbitrary code and fully compromise exposed servers. Federico Kirschbaum, head of the Security Lab at XBOW, discovered and reported the issue, which has been dubbed Dead.Letter. The vulnerability carries a massive CVSS severity score of 9.8, making it one of the highest-caliber bugs ever identified in the Exim ecosystem....

New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code | Cryptika Cybersecurity New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A critical vulnerability in the widely used Exim mail server allows unauthenticated attackers to exe...

Dell Support assist Updates Forces Windows Systems to BSOD Loop

May 14, 2026 A faulty update to Dell’s SupportAssist Remediation service is sending thousands of Dell and Alienware laptop users into endless Blue Screen of Death (BSOD) loops, with systems crashing every 30 minutes and displaying the dreaded CRITICAL_PROCESS_DIED stop error. Dell Engineering has confirmed awareness of the bug and is actively working on a fix. The root cause has been traced to Dell SupportAssist Remediation version 5.5.16.0, a background service that operates independently of the main SupportAssist application....

Dell Support assist Updates Forces Windows Systems to BSOD Loop | Cryptika Cybersecurity Dell Support assist Updates Forces Windows Systems to BSOD Loop In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 A faulty update to Dell’s SupportAssist Remediation service is sending thousands of Dell and Alienware lapto...

Microsoft Research Shows AI Can Generate Realistic Command Lines and Process Telemetry

May 14, 2026 Artificial intelligence is now capable of generating attack telemetry that looks and behaves like the real thing, and that is changing how security teams think about testing their defenses. In new work, Microsoft researchers show that large language models can create realistic command lines and process trees that closely mimic human-operated intrusions. Instead of waiting for rare real-world incidents, defenders can now flood their own environments with convincing, synthetic attacks to stress test detection logic at scale....

Microsoft Research Shows AI Can Generate Realistic Command Lines and Process Telemetry | Cryptika Cybersecurity Microsoft Research Shows AI Can Generate Realistic Command Lines and Process Telemetry In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog WriterMay 14, 2026 Spread the love May 14, 2026 Artificial intelligence is now capable of generating attack telemetry that looks and be...