Cybersecurity

When the internet’s plumbing catches fire

Russia’s Secret Blizzard Upgrades Kazuar Backdoor Into a Peer-to-Peer Botnet — Your Government’s Network Now Has Better Mesh Connectivity Than Your Wi-Fi

Secret Blizzard — the Russian state-sponsored threat group also tracked as Turla, one of the most sophisticated cyber-espionage outfits on the planet — has upgraded…

Pwn2Own Berlin Researchers Collect $908,750 for 39 Zero-Days in Two Days — Your Enterprise Software Just Got a Very Public Performance Review

🤚 The Open-Palm Exploit Buffet

The second day of Pwn2Own Berlin 2026 concluded on May 15 with security researchers collecting $385,750 in prize money after…

OpenAI Confirms Two Employee Devices Were Compromised in the Shai Hulud Supply Chain Attack — The AI That Writes Code Just Got Owned by the Code Supply Chain

Two days ago, we reported that the Shai Hulud supply chain worm had compromised hundreds of signed npm and PyPI packages, including TanStack, Mistral AI,…

Foxconn Gets Ransomwared for the Fourth Time Since 2020 — 8 Terabytes of Apple, Intel, and Nvidia Secrets Are Now a Dark Web Tasting Menu

🤚 The Open-Palm Inventory of Stolen Goods

In news that will surprise absolutely no one who has been paying attention to the state of industrial…

Shai Hulud Supply Chain Attack Compromises Hundreds of Signed npm and PyPI Packages — Your Cryptographic Verification Just Verified the Malware

🤚 The Open-Palm Dissection

If you thought the software supply chain had reached peak absurdity when a fake OpenAI privacy filter hit 244,000 downloads on…

Checkmarx’s Jenkins Security Plugin Was Backdoored Using Credentials Checkmarx Failed to Rotate — The Hackers Even Left a Thank-You Note

🤚 The Open-Palm Incident Report

The TeamPCP hacking group has successfully backdoored the official Checkmarx Jenkins Application Security Testing (AST) plugin, turning one of the…

A Fake OpenAI ‘Privacy Filter’ Hit Number One on Hugging Face With 244,000 Downloads — It Was a Rust-Based Infostealer Wearing a Lab Coat

🤚 The Open-Palm Trending Page

A malicious repository called Open-OSS/privacy-filter spent enough time at the #1 trending spot on Hugging Face to accumulate 244,000 downloads…

Hackers Used Google Ads and Claude’s Own Website to Install Mac Malware — The URL Was Real, the Conversation Was Fake, and the Roofing Contractor Did the Rest

🤚 The Open-Palm Attack Vector

In a campaign that deserves some kind of award for ironic creativity, hackers have been using Google Ads and Anthropic’s…

JDownloader’s Website Was Hacked to Serve Python RAT Malware — And the Breach Was Discovered by a Redditor Who Actually Reads Certificate Names

🤚 The Open-Palm Incident Report

JDownloader, the beloved open-source download manager that has faithfully served power users and Linux enthusiasts since approximately the Mesozoic era…

Linux ‘Dirty Frag’ Zero-Day Gives Root With a Single Command — Your Kernel Has Been an Open Door Since the Obama Administration

🤚 The Open-Palm Root Shell

A new Linux zero-day vulnerability dubbed “Dirty Frag” has arrived with all the subtlety of a freight train through your…
