Npav Lab
-
Read moreHackers are using fake Claude Code installation pages to distribute a fileless .NET infostealer that steals credentials and bypasses traditional security defenses. -
Posted: June 04, 2026Views: 24Read moreResearchers discovered a Google Gemini vulnerability that allowed malicious WhatsApp, Slack, and SMS notifications to manipulate the AI assistant and trigger unauthorized actions on Android devices. -
Read moreTelangana CID arrested 11 suspects involved in a large cyber fraud and online betting racket using mule accounts, fake identities, and money laundering networks across multiple Indian states. -
Posted: June 02, 2026Views: 28Read moreA vulnerability in Instagram's Meta AI-powered account recovery system allegedly allowed attackers to obtain password reset codes and hijack high-value accounts by bypassing identity verification checks. -
Posted: May 28, 2026Views: 30Read moreCybercriminals are using Telegram channels to sell verified bank accounts, fintech wallets, and crypto exchange accounts for money laundering operations powered by AI-generated identities and deepfake KYC bypass techniques. -
Read moreCERT-In has issued new guidelines requiring organizations to patch critical internet-facing vulnerabilities within 12 hours, warning that AI-powered cyberattacks are drastically reducing exploitation timeframes and increasing cyber risk. -
Read moreSecurity researchers discovered that WhatsApp chat histories may be stored unencrypted on macOS and iOS devices, potentially allowing local access to decrypted messages through shared app containers. -
Read moreThe Megalodon supply chain attack compromised over 5,500 GitHub repositories within six hours by injecting malicious GitHub Actions workflows designed to steal cloud credentials, API keys, SSH keys, and CI/CD secrets. -
Read moreA newly disclosed Linux kernel vulnerability, CVE-2026-46333, allows attackers to steal SSH private keys and gain root access through a local privilege escalation flaw affecting Linux systems for nearly nine years. -
Read moreA supply chain attack called Mini Shai-Hulud compromised multiple npm packages in the @antv ecosystem, injecting credential-stealing malware. Developers using affected packages risk stolen tokens, data exfiltration, and persistent malware infections.
Recent Posts
