Category: Cybersecurity News
-
Popular npm Email Tool Compromised to Steal Emails
Cybersecurity firm Koi Security has identified a malicious version of an npm package used for automated email handling, which was silently forwarding outbound messages to an external domain controlled by the developer. The package, named postmark-mcp, is intended to allow applications—often AI assistants—to send emails through Postmark’s transactional email API. Starting with version 1.0.16, the
-
Drupal Releases Security Fixes for Vulnerabilities Across Multiple Modules
Drupal, the widely-used content management system powering millions of websites globally, has issued important security updates addressing vulnerabilities in six popular contributed modules. Among these, a critical flaw demands immediate attention from site administrators. The security advisories affect modules powering essential website features including e-commerce currency tools, visitor analytics, and user authentication systems across thousands
-
Infostealer Malware Disguised as Fake Versions of Popular Apps Targeting Macs
Security researchers at Malwarebytes have uncovered a widespread campaign using fake GitHub pages to distribute macOS information-stealing malware. The operation impersonates legitimate software projects and tricks users into installing a strain of Mac infostealer dubbed Atomic Stealer. These counterfeit pages mimic legitimate project repositories and sometimes appear in search results or through paid ads that
-
Fortra Patches Critical Command Injection Flaw in GoAnywhere MFT
A critical vulnerability has been discovered in Fortra’s GoAnywhere MFT software that demands urgent attention from IT administrators and security teams. On September 18th, 2025, Fortra released a security advisory detailing a severe vulnerability in their popular GoAnywhere Managed File Transfer (MFT) solution. This isn’t just another routine security update – with a maximum CVSS
-
Vulnerability in OpenAI’s ChatGPT Could Leak Sensitive Gmail Data
A new zero-click vulnerability, dubbed ShadowLeak, has been discovered in OpenAI’s ChatGPT Deep Research agent, according to a report by The Hacker News. The flaw has the potential to expose Gmail inbox data to attackers, without any direct user interaction, simply by sending a malicious email to a victim. This security breach underscores the growing
-
Nokia Issues Advisory on Critical Vulnerabilities in CloudBand and Container Services
In today’s rapidly evolving digital landscape, securing critical infrastructure and applications is more important than ever. Nokia, a global leader in telecommunications, has recently issued two important security advisories for its CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS). These vulnerabilities, tracked as CVE-2023-49564 and CVE-2023-49565, affect some versions of these products, and both
-
Jenkins Issues Security Advisory for Patched Vulnerabilities
The Jenkins project has issued a new security advisory detailing multiple vulnerabilities affecting recent versions of Jenkins core. The issues include a high-severity denial-of-service (DoS) vulnerability affecting instances configured to use HTTP/2, as well as several medium-severity flaws related to permission checks and log handling. The most critical issue, tracked as CVE-2025-5115, involves a vulnerability
-
SonicWall Confirms Cloud Backup File Incident Affecting Limited Firewall Install Base
SonicWall has confirmed a security incident involving its MySonicWall cloud backup service, after detecting a series of brute-force attacks that successfully accessed configuration files for a subset of customer firewalls. According to the disclosure, the incident impacts fewer than 5% of SonicWall firewall customers. The affected files, referred to as firewall preference files, were stored
