Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

Webworm Chinese APT adds EchoCreep (Discord C2) and GraphWorm (MS Graph API C2) backdoors, targets European governments

ESET has documented Chinese-aligned threat actor Webworm adding two new custom backdoors to its toolset: EchoCreep, which uses a Discord channel for command-and-control, and GraphWorm, which routes C2 through the Microsoft Graph API and uploads exfiltrated files to OneDrive. Webworm is staging tools out of a GitHub repository disguised as a WordPress fork and has been observed targeting government organizations in Belgium, Italy, Serbia, Poland, Spain, and a university in South Africa. The earliest EchoCreep Discord commands date to March 21, 2024; about 433 messages have been sent through the channel. Initial access is still unclear, but dirsearch and nuclei are involved.

Check
Search outbound traffic and EDR logs for connections to Discord webhook and CDN domains and Microsoft Graph API endpoints from unexpected hosts. Look for SoftEther VPN binaries on European-government endpoints.
Affected
Government organizations in Belgium, Italy, Serbia, Poland, Spain, and a South African university - Webworm's known European targets. The Graph and Discord C2 patterns also apply to other Chinese APTs.
Fix
Block Webworm GitHub staging repos and ESET-published IoCs. Restrict outbound Discord and Graph API usage where not a legitimate business need. Hunt for dirsearch and nuclei scan signatures.

Ukraine cyber-police identifies 18-year-old Odesa infostealer operator linked to 28,000 stolen accounts and $721K California fraud

Ukrainian cyberpolice working with US law enforcement have identified an 18-year-old man from Odesa as the suspected operator of an infostealer operation that ran from 2024 through 2025 against customers of a California online retailer. The malware harvested 28,000 customer accounts; the operators used about 5,800 of them to make $721,000 in unauthorized purchases, leaving the retailer with around $250,000 in direct losses including chargebacks. The suspect ran the back-end infrastructure for processing and selling stolen session tokens. Police searched two residences and seized computers, phones, and bank cards. No arrest has been announced yet.

Check
Search HIBP and stealer-log marketplaces for your domain. If you run e-commerce, audit accounts with card-not-present orders that didn't match the legitimate user's device fingerprint in 2024-2025.
Affected
Customers of an unnamed California online retailer; 28,000 accounts harvested, 5,800 used in $721K of unauthorized purchases. Operation linked to a single 18-year-old in Odesa, Ukraine.
Fix
For affected users: rotate passwords, revoke active sessions, check card statements. For retailers: deploy session-binding device fingerprinting and require re-authentication for high-value card-not-present orders.

B1ack's Stash dark-web carding marketplace dumps 4.6 million credit-card records for free as 'punishment' for seller misconduct

B1ack's Stash, a dark-web carding marketplace operating since at least 2023, has released roughly 4.6 million stolen credit-card records as a free download. The market frames the dump as punishment for sellers caught reselling its data on rival platforms; SOCRadar says the marketplace also suspended about 8 million additional CVV2 records. The records include full PAN, CVV2, expiration date, billing address, full name, email, phone number, and IP address, which makes them directly usable for card-not-present fraud and account-opening fraud. This is the third free dump B1ack's Stash has used as a customer-acquisition tactic since its 2024 emergence.

Check
Run BIN lookups across the leaked card ranges (via SOCRadar or Recorded Future feeds your IR partner provides) for your issued cards. Increase card-not-present fraud monitoring for 30-60 days.
Affected
Roughly 4.6 million cardholders in the dump - mostly US, Canada, UK, Australia, Puerto Rico per historical B1ack's Stash regional distribution. Direct fraud-of-card risk for all holders.
Fix
For impacted issuers: pre-emptive reissue of cards seen in the dump. For consumers: monitor card statements, enable transaction notifications, and freeze cards if anomalous transactions appear. Phishing risk also elevated.

TeamPCP claims ~4,000 GitHub internal repos stolen and for sale on Breached forum, GitHub confirms investigation

GitHub said it is investigating after the cybercrime group TeamPCP listed 'GitHub's source code and internal orgs' for sale on the Breached forum, claiming access to about 4,000 internal repositories and asking at least $50,000. GitHub told BleepingComputer it has 'no evidence of impact to customer information stored outside of GitHub's internal repositories' and that customers will be alerted if that changes. TeamPCP is the same group behind the TanStack supply-chain attack that hit OpenAI and Grafana, the Aqua Trivy compromise, the LiteLLM infection, and the Mistral AI source-code theft. GitHub hosts code for 4 million organizations and 180 million developers.

Check
Audit GitHub Actions workflows for refs pulled via pull_request_target from forks. Inventory developer machines that synced internal-org repos in the last 30 days for unusual outbound git pushes.
Affected
GitHub.com users specifically: TeamPCP's claim is limited to GitHub's own internal repos so far. Downstream impact is possible if private code referencing customer secrets is leaked.
Fix
Wait for GitHub's official notification. Rotate any tokens or PATs that lived in repositories you suspect could be referenced by GitHub internal code, and assume secret-scanning rules might be reverse-engineered.

Shai-Hulud wave: 600+ npm @antv packages compromised in one hour, GitHub Action 'actions-cool' tag hijack linked

Between 01:56 and 02:56 UTC on May 19, a Shai-Hulud-flavored attack published 639 malicious versions across 323 npm packages, mostly in the @antv chart and graph namespace, after compromising the maintainer account 'atool.' Affected libraries include @antv/g2, @antv/g6, echarts-for-react, timeago.js, and jest-canvas-mock (still 10M monthly downloads despite three years dormant). A linked attack hijacked 15 tags of the 'actions-cool' GitHub Action and replaced them with a credential stealer that reads runner memory and exfils to t.m-kosche[.]com - the same domain as the @antv campaign. Socket and Aikido say there are now 2,900+ GitHub repos generated by this wave.

Check
Audit package lockfiles and CI logs for installs of any @antv/* package or timeago.js, size-sensor, jest-canvas-mock, echarts-for-react published on May 19. Search workflows for 'actions-cool/maintain-one-comment@<tag>' references.
Affected
Developers and CI/CD pipelines that installed @antv packages or used the actions-cool GitHub Actions between May 19 01:56 UTC and the npm registry takedown.
Fix
Pin GitHub Actions to full commit SHAs, not tags. Block egress to t.m-kosche.com. Rotate every developer token, npm token, cloud credential, and SSH key on machines that ran affected builds.

Nx Console 18.95.0 VS Code extension compromised in 11-minute window - kitty.py persistence and credential theft

The Nx team has confirmed that version 18.95.0 of its VS Code extension was malicious and that a few users were compromised. The bad version was available on the marketplace for only 11 minutes on May 18 (12:36 to 12:47 UTC), but that was enough to plant Python-based persistence under ~/.local/share/kitty/cat.py and a macOS LaunchAgent at com.user.kitty-monitor.plist, then steal tokens, secrets, and SSH keys reachable from the machine. The Nx team has shipped a clean 18.100.0 release and published indicators of compromise. This is the second time Nx has been targeted within a year, after the August 2025 s1ngularity supply-chain attack on its npm packages.

Check
Identify VS Code endpoints with the Nx Console extension. Check for ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist, /var/tmp/.gh_update_state, /tmp/kitty-*, or any process with __DAEMONIZED=1.
Affected
Anyone who installed Nx Console 18.95.0 from the VS Code marketplace during the 11-minute window on May 18 (12:36-12:47 UTC). A few users are confirmed affected.
Fix
Update Nx Console to 18.100.0. Kill malicious processes, delete IoC files, remove the LaunchAgent, and rotate every credential reachable from the developer machine - tokens, secrets, SSH keys.

Grafana confirms its GitHub breach started with the TanStack npm supply-chain attack (TeamPCP)

Grafana Labs has confirmed that its previously disclosed GitHub breach started with the TanStack npm supply-chain attack run by TeamPCP, the same one that hit OpenAI and Mistral AI. Grafana detected the activity on May 11, rotated a significant number of GitHub workflow tokens, but one token slipped through and the attacker used it to pull Grafana's codebase. The downstream extortion attempt under the CoinbaseCartel banner came on May 16 and Grafana refused to pay, citing FBI guidance. The incident chains TeamPCP's TanStack OIDC-token theft into a directly observable secondary breach at a major observability vendor.

Check
If you maintained or rebuilt Grafana forks since May 11, or used Grafana Labs GitHub Actions, audit CI logs and outbound traffic against TanStack-attack IoCs published by Wiz and Snyk.
Affected
Grafana Labs (codebase, already public). New attribution links the breach to the TanStack supply-chain attack. No direct customer or Grafana Cloud impact reported.
Fix
Adopt OIDC trusted publishing. Treat GitHub Actions workflow tokens as short-lived and rotate aggressively. Seed canary tokens in private repos - Grafana detected this breach via a canary trigger.

ChromaDB CVE-2026-45829: unauthenticated RCE via pre-auth model load - 73% of internet-exposed servers vulnerable

HiddenLayer has disclosed a maximum-severity unauthenticated remote-code-execution vulnerability, CVE-2026-45829, in ChromaDB's Python FastAPI server. ChromaDB is one of the most popular vector databases backing retrieval-augmented-generation pipelines, with about 14 million monthly PyPI downloads. A vulnerable endpoint marked as authenticated lets an attacker embed model settings before authentication is checked, so a crafted request makes ChromaDB load a malicious model from Hugging Face and execute it locally. The auth check fires only after the payload has already run. The bug was introduced in 1.0.0 and was still present in 1.5.8. HiddenLayer's Shodan sweep shows ~73% of internet-exposed Chroma instances are vulnerable.

Check
List Python ChromaDB deployments and versions. Check whether the FastAPI HTTP server is reachable beyond its host network. Capture access logs to /api/v1/auth endpoints since 2026-02-17.
Affected
ChromaDB Python FastAPI server 1.0.0 through at least 1.5.8 (1.5.9 status unclear) that exposes the HTTP server to the network. Rust frontend and local-only Python deployments are not affected.
Fix
Move to the Rust frontend, or take the Python HTTP server off the network and front it with an authenticated reverse proxy. Restrict the ChromaDB API port to localhost or VPC-only.

Storm-2949 abuses Microsoft 365 Self-Service Password Reset to hijack accounts, pivot from M365 into Azure production

Microsoft is tracking a financially motivated actor it calls Storm-2949 that abuses the Microsoft 365 Self-Service Password Reset flow to hijack high-value identities and then exfiltrate as much data as possible. The actor socially engineers IT staff and senior leaders, kicks off an SSPR reset, then poses as IT support and convinces the victim to approve the resulting MFA prompt. Once in, Storm-2949 uses Graph API and custom Python to enumerate the tenant, downloads thousands of OneDrive and SharePoint files in single actions, and pivots into Azure - VMs, Key Vaults, SQL, storage - via privileged custom RBAC roles.

Check
In Entra audit logs, find users who reset their password and within 24 hours added or had MFA removed. Pull Graph API calls enumerating users and service principals from new IPs.
Affected
Microsoft 365 tenants with SSPR enabled where help-desk identity is not strongly authenticated. High-privilege custom Azure RBAC roles assigned broadly amplify blast radius.
Fix
Require ticket-based identity verification for SSPR resets on admin and exec accounts. Enforce phishing-resistant FIDO2 MFA. Tighten custom-role assignments. Alert on mass OneDrive downloads via Defender for Cloud.

Microsoft dismantles Fox Tempest 'malware-signing-as-a-service' that abused Azure Artifact Signing for 1,000+ certificates

Microsoft's Digital Crimes Unit, supported by law enforcement, has disrupted Fox Tempest, a 'malware-signing-as-a-service' offering that abused Azure Artifact Signing (formerly Trusted Signing) to issue legitimate Microsoft-signed certificates for malware. Operators created more than 1,000 certificates and hundreds of Azure tenants using stolen US and Canadian identities, all valid for 72 hours to reduce takedown risk. Microsoft has revoked the certificates, seized the signspace[.]cloud domain, and taken hundreds of supporting VMs offline. The service signed Oyster, Lumma Stealer, Vidar, and ransomware payloads for Rhysida, Akira, INC, Qilin, and BlackByte, used by groups including Vanilla Tempest and Storm-0501.

Check
Search EDR and Defender SmartScreen logs for binaries signed by Microsoft Azure Artifact Signing certificates between 2025 and 2026-05-19. Cross-reference Microsoft's revoked certificate list.
Affected
Endpoints that trust Microsoft Azure Artifact Signing certificates without additional publisher verification. Especially relevant if previously targeted by Vanilla Tempest, Storm-0501, Storm-2561, or Storm-0249.
Fix
Tighten Defender SmartScreen and AppLocker rules so a publisher signature alone is not sufficient trust. Verify the named publisher of any Microsoft Artifact Signing-signed binary matches the expected software vendor.