VulnHub

Hackers have compromised the popular node-ipc npm package, adding malware designed to steal user credentials in recent versions. This supply chain attack specifically targets developers who rely on node-ipc for inter-process communication in their applications. Users of the affected package are at risk of having their sensitive information, such as passwords and tokens, captured by the malicious code. This incident serves as a reminder of the vulnerabilities that can arise in the software supply chain, affecting not just individual developers but also the larger ecosystem that relies on these packages. Developers are urged to review their dependencies and ensure they are using safe versions of node-ipc to protect their credentials.

Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.

The REMUS infostealer is a malware that focuses on stealing browser sessions and authentication tokens, which are now considered more valuable than traditional passwords. Researchers from Flare have observed its rapid evolution, emphasizing its capability for session theft and operational scalability. This malware allows attackers to hijack users' online accounts without needing to crack passwords, posing a significant risk to individuals and organizations alike. As cybercriminals increasingly adopt this method, users must be vigilant about their online security practices. The shift towards session theft indicates a growing trend in cyberattacks that could affect a wide range of online services and platforms.

Cisco has released a patch for a serious security vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN solutions. This flaw allows attackers to bypass authentication in both the Catalyst SD-WAN Controller and the Catalyst SD-WAN Manager, which are critical components for managing SD-WAN deployments. The vulnerability has been actively exploited by a sophisticated cyber threat actor, putting both on-premises and cloud users at risk. Organizations using these Cisco products should prioritize applying the patch to safeguard their networks from potential breaches. Failure to address this vulnerability could lead to unauthorized access and significant security incidents.

Microsoft has issued a warning regarding a zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, which is currently being exploited by attackers. This vulnerability affects various versions of Exchange Server, putting organizations that use this software at risk. Microsoft has not yet released a permanent patch but has provided interim mitigations to help secure affected systems. Users and administrators are urged to implement these mitigations to protect their environments until a comprehensive fix is available. The active exploitation of this vulnerability underscores the urgency for affected organizations to take immediate action.

Recent findings reveal that some AI-driven video age-verification systems can be easily deceived using simple disguises, like a fake mustache. This raises significant concerns for platforms relying on these systems to prevent underage access to content. Researchers demonstrated that these AI checks, designed to ensure compliance with age restrictions, may not be as secure as intended. The implications of this vulnerability could be serious, as it allows minors to bypass safeguards meant to protect them. Companies that implement age-verification measures need to reassess their systems to ensure they cannot be easily tricked and to better protect their users.

OpenAI reported that two of its employee devices were compromised due to a supply chain attack linked to TanStack, specifically the Mini Shai-Hulud incident. Fortunately, the company confirmed that no user data, production systems, or intellectual property were altered or stolen during this attack. Upon discovering the malicious activity, OpenAI swiftly initiated an investigation and took measures to contain the situation. This incident underscores the ongoing risks associated with supply chain vulnerabilities, highlighting the need for organizations to remain vigilant against such attacks. While no sensitive information was impacted, the event serves as a reminder of the potential threats lurking in software dependencies.

ESET has reported that the Ghostwriter group, also known as FrostyNeighbor, has resumed its cyberattacks on Ukrainian government organizations. This activity has been ongoing since at least March 2026 and follows a pattern similar to their previous campaigns. The group appears to be targeting sensitive government systems, which raises concerns about the security of critical infrastructure in Ukraine. As the conflict in the region continues, these attacks could have serious implications for government operations and national security. Researchers emphasize the need for heightened vigilance and improved cybersecurity measures within affected organizations.

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.