25.05.2026

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

The Hacker News 23.05.2026 16:35
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.

Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 23.05.2026 11:55
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month.

Project Glasswing is a defensive effort launched by the artificial intelligence (AI) company to secure critical global software

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News 23.05.2026 07:35
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.

The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.

"Any cPanel user (including an attacker or a compromised account) may

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The Hacker News 23.05.2026 07:23
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.

"Drupal Core

Cyberattack on Billing Service Provider Affects Many Clinics

Heise Security 22.05.2026 20:59
A cyberattack on the billing service provider Unimed affects numerous clinics and the sensitive data of tens of thousands of patients. Unimed is remaining tight-lipped.