May 18, 2026
Do fear the Reaper – stealer swipes macOS users’ passwords, wallets, then backdoors them
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
Shai-Hulud copycat worm infects yet another npm package
Plus three other stealers in three other packages, all from the same scumbag
Linux kernel flaw opens root-only files to unprivileged users
Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs
TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Poland directs officials to ditch Signal in favor of ‘secure’ state-developed alternative
Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government
F-35 software delays leave UK buying time with US glide bombs
MoD says StormBreaker will plug gap until homegrown SPEAR 3 integration lands