MUST READ

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

 | 

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

 | 

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

 | 

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

 | 

Dormakaba flaws allow to access major organizations’ doors

 | 

Emergency Microsoft update fixes in-the-wild Office zero-day

 | 

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

 | 

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

 | 

North Korea–linked KONNI uses AI to build stealthy malware tooling

 | 

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

 | 

Nike is investigating a possible data breach, after WorldLeaks claims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

 | 

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

 | 

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

 | 

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

 | 

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

 | 

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

Investigation underway after 72M Under Armour records surface online

 | 

PackageGate

Pierluigi Paganini January 28, 2026
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilities collectively tracked as “PackageGate” affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

Hacking / January 28, 2026

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

Security / January 27, 2026

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

Hacking / January 27, 2026

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Security / January 27, 2026

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

Malware / January 27, 2026