Laravel Lang packages hijacked to deploy credential-stealing malware (2026-05-23 20:48 UTC)
Kurz: A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer p…
Kurz: Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […]
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks (2026-05-23 16:35 UTC)
Kurz: GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called stage…
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware (2026-05-23 16:07 UTC)
Kurz: A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packag…
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software (2026-05-23 11:55 UTC)
Kurz: Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiativ…