npm supply-chain attacks: jscrambler infostealer, Injective wallet theft, Zimbra RCE
jscrambler npm 8.14.0 compromised with Rust infostealer, Zimbra XSS flaw enables code execution
Read the full briefing →AI-generated daily briefings and vulnerability analysis for security teams who need signal, not noise.
jscrambler npm 8.14.0 compromised with Rust infostealer, Zimbra XSS flaw enables code execution
Read the full briefing →| CVE | Product | CVSS | Exploited | Patch |
|---|---|---|---|---|
| CVE-2026-48282 | Adobe ColdFusion | 10 | KEV | advisory |
| CVE-2026-48558 | SimpleHelp | 10 | KEV | — |
| CVE-2026-10520 | Ivanti Sentry | 10 | KEV | — |
| CVE-2026-48908 | JoomShaper SP Page Builder | 9.8 | KEV | — |
| CVE-2026-12569 | PTC Windchill And FlexPLM | 9.8 | KEV | — |
KEV = listed in CISA catalog · IN WILD = active exploitation reported · PoC = public exploit code
jscrambler npm 8.14.0 compromised with Rust infostealer, Zimbra XSS flaw enables code execution
Progress Software orders immediate shutdown of ShareFile Storage Zone Controllers; Injective Labs GitHub compromise distributes crypto-stealing malware; six new U-Boot bootloader vulnerabilities discovered in IoT and data-center devices.
Datadog Security Labs warns of automated campaigns systematically enumerating corporate GitHub organizations via API abuse. Microsoft disassembles destructive GigaWiper backdoor combining disk wipe, ransomware, and spyware. npm 12 disables install scripts by default to reduce supply-chain risk.
Ubiquiti patches critical UniFi flaws enabling privilege escalation and RCE across Connect, Talk, Access, Protect, AI coding assistants face new HalluSquatting attacks that trick them into installing botnet malware.
59 security tools indexed · free + paid + open source · updated regularly
No tools match your search. Try a different keyword.
Pick up to 4 tools to compare pricing, deployment, and capabilities
Once a day at 04:00 UTC, the pipeline pulls ten authoritative security feeds – including CISA advisories – and extracts the day’s most important stories and the CVEs they cite.
Every CVE is checked against NVD for canonical CVSS and cross-referenced with the CISA KEV catalog. Inline citations link each story to its sources, and a skeptical second AI pass flags – or blocks – claims it can’t substantiate.
Severity is scored from CVSS and confirmed exploitation – not editorial tone – so Critical is rare by design. Structured briefings tell your team exactly what to patch, investigate, or escalate.
Join security professionals who start their morning with defend.network intelligence. Free forever.