Analyst Eric Heath raised the firm’s price target on Okta to $103 from $95 and kept an Overweight rating on the shares, citing a sharper outlook for enterprise security spending in the back half of the year.
The attack used code from the Shai-Hulud worm, published by malware outfit TeamPCP, which can extract secrets from memory used by GitHub Actions. It began with a PR that triggered an automatic workflow via TanStack's use of the pull_request_target feature, causing the malicious code to be built and run by a GitHub Action, poisoning a cache used across the entire repository.
According to TrendAI's Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 unique vulnerabilities. Nearly $750,000 of the total amount was won by the first two teams: Devcore and StarLabs SG. The two teams also received the highest payouts for a single exploit chain. Devcore earned $200,000 for a remote code execution exploit with System privileges on Microsoft Exchange, and $175,000 for a Microsoft Edge sandbox escape. It also received $100,000 for exploiting Microsoft SharePoint.
SCAM ALERT: There has been a huge escalation lately in airdrop and giveaway scams targetting XRPL users lately. Any such posts you see are likely scams. Ripple-linked fraud warnings in recent months have also covered phishing operations targeting XRP holders through fake verification requests and malicious wallet prompts. Some schemes encouraged users to connect wallets or submit sensitive recovery information through unofficial channels masquerading as trusted XRP resources.
The most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX's ngx_http_rewrite_module module. The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker's control, could trigger a heap buffer overflow and a restart. If Address Space Layout Randomization (ASLR) is disabled, the flaw can be exploited for code execution.
A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds. The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM).
