Auto-updated from official public cyber feeds with an hourly cache and safe fallback.
lowThe Hacker News
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
lowSANS ISC
ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
highBleepingComputer
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...]
Mitigation: Harden SPF/DKIM/DMARC, block sender infrastructure, inspect mailbox rules, and require MFA re-authentication.
These ship ready to run. Claude maps user requests to these vetted handlers, so hosted tools are safe and production-stable.
