AntV npm Compromised, Drupal Urgent Patches, GitHub Action Supply Chain Attack

THN Daily Updates Cognitive Cyber Crimes in the Era of Artificial Intelligence ($260.95 Value) FREE for a Limited Time Protect your organization from next-generation threats with this comprehensive analysis of cognitive cybercrimes, addressing future legal, ethical, and policy challenges in the age of AI. Download Now Sponsored LATEST NEWS May 19, 2026 The New Phishing Click: How OAuth Consent Bypasses MFA In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the pl... Read More Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core update... Read More [Webinar] Securing AI-Driven Insider Threats in Real Time Register for the live webinar to learn how to detect AI risks and prevent data leaks. Read More SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to re... Read More Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (v... Read More Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era Exposed secrets stay valid for years as exploit timelines fall below one day, expanding breach reach and persistence. Read More Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them... Read More Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. ... Read More Cognitive Cyber Crimes in the Era of Artificial Intelligence ($260.95 Value) FREE for a Limited Time Protect your organization from next-generation threats with this comprehensive analysis of cognitive cybercrimes, addressing future legal, ethical, and policy challenges in the age of AI. Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi