Sys-Admin Up

New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Four malicious npm packages were uploaded to npm by the same threat actor, including a non-obfuscated Shai-Hulud clone https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/

NGINX ngx_http_rewrite_module Heap-Based Buffer Overflow (Queries and Signatures Only) An unauthenticated attacker can crash the NGINX worker process by sending crafted HTTP requests - CVE-2026-42945: https://docs.vulncheck.com/initial-access/2026-05-15#cve-2026-42945-nginx-ngx_http_rewrite_module-heap-based-buffer-overflow-queries-and-signatures-only

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps ..The malware’s primary command-and-control channel has been migrated onto The Open Network (TON) using .adnl endpoints routed through an embedded local TON proxy..: https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app

Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama

PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/

Donuts and Beagles: Fake Claude site spreads backdoor https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor

Donuts and Beagles: Fake Claude site spreads backdoor https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor

A CVSS 10.0 in Gemini CLI: How Agentic Workflows Are Reshaping Supply Chain Risk https://novee.security/blog/google-gemini-cli-rce-vulnerability-cvss-10-critical-security-advisory/

CVE-2025-29635: Mirai Campaign Targets D-Link Devices https://www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devices

Internet Protocol Version 8 (IPv8) coming.. https://www.ietf.org/archive/id/draft-thain-ipv8-00.html

Claude Code Hooks as Initial Access & Persistence https://www.s0ld13r.kz/posts/claude-code-backdoor/

Windows Defender threatens to completely take over the SYSTEM Источник: https://www.anti-malware.ru/news/2026-04-16-111332/49724 Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges. https://github.com/Nightmare-Eclipse/RedSun