SecurityWeek

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...
SecurityWeek

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Threat actors have started exploiting CVE-2026-46817, a critical-severity vulnerability in Oracle E-Business Suite’s Payments ...
Crypto Briefing

Apple expands App Bundles to allow cross-developer subscription packages

Apple is opening App Store subscription bundles to developers from different companies, giving independent app makers a new way to package services together and sell them at a combined price. The ...
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
Ars Technica

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
CSOonline

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant that now also gathers Google Cloud and Azure identities, an addition to its previous credential-snatching behavior. Developers who pulled ...
InfoWorld

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft. Developers ...
Ars Technica

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more ...
GitHub

Oracle AI Developer Hub

Applications and reference implementations demonstrating how to build AI-powered solutions with Oracle technologies. These complete, working examples showcase end-to-end implementations of AI ...
McCovey Chronicles

Thursday BP: Oracle Park removes popular/controversial concession package

According to reporting from Gabe Fernandez of SFGate, the San Francisco Giants have removed a food item that was both popular and controversial from availability at Oracle Park. The Giants were among ...
CSOonline

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...