Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...
The Hacker News

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

LiteLLM 1.82.7–1.82.8 supply chain attack exposed 33,185 secrets across 6,943 machines, leaving 3,760 valid credentials ...
SecurityWeek

Guardarian Users Targeted With Malicious Strapi NPM Packages

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
ADTmag

Java Framework Makers Ship Fixes, Security Patches, and Milestone Builds in March Sprint

Several widely used Java frameworks and tools released new versions in the weeks surrounding Oracle's March 17 launch of JDK 26, as the Spring ecosystem and related projects continued iterating toward ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...