Information security
Information security

Information security

GitHub investigates attack via malicious VS Code extension

Information security

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

fromTNW | Data-Security

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

A poisoned VS Code extension enabled TeamPCP to exfiltrate about 3,800 internal GitHub repositories after compromising an employee device.

GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories

A compromised Visual Studio Code extension led to access of about 3,800 internal repositories, with no evidence found of customer or external enterprise impact.

Information security

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

47 minutes ago

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Megalodon injected CI/CD credential-stealing malware into thousands of GitHub repositories, enabling attackers to steal cloud keys, tokens, and secrets and impersonate developers.

GitHub investigates attack via malicious VS Code extension

A malicious VS Code extension likely enabled unauthorized access to GitHub internal repositories, with no confirmed customer data compromise yet.

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Unauthorized access to Grafana Labs GitHub repositories resulted from a TanStack supply chain attack, leading to token compromise, code theft, and mitigations without customer production impact.

fromTNW | Data-Security

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

A poisoned VS Code extension enabled TeamPCP to exfiltrate about 3,800 internal GitHub repositories after compromising an employee device.

GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories

A compromised Visual Studio Code extension led to access of about 3,800 internal repositories, with no evidence found of customer or external enterprise impact.

more#supply-chain-attacks

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised NPM maintainer account published malicious package versions that triggered multi-stage credential theft and persistence across CI environments and developer tooling.

#phishing

1 hour ago

Information security

FBI warns of Kali Oauth stealers

Kali365 phishing uses a trusted cloud document email and a Microsoft code to grant attacker access to victims’ Microsoft accounts.

7 hours ago

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Stolen Microsoft OAuth tokens from phishing kits can bypass MFA and grant attackers access to email and Teams accounts without credentials.

1 hour ago

FBI warns of Kali Oauth stealers

Kali365 phishing uses a trusted cloud document email and a Microsoft code to grant attacker access to victims’ Microsoft accounts.

7 hours ago

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Stolen Microsoft OAuth tokens from phishing kits can bypass MFA and grant attackers access to email and Teams accounts without credentials.

Modernizing DevOps Security With Intelligent KYC Enforcement Layers - DevOps.com

DevOps security failures stem mainly from identity weaknesses, so continuous identity validation must be built into automated delivery pipelines.

5 hours ago

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

Iranian hackers allegedly breached gas station tank gauge systems by exploiting unprotected internet-connected devices, altering display readings without changing fuel volumes.

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon used forged CI workflow commits to exfiltrate CI secrets, cloud credentials, tokens, keys, and configuration data from thousands of GitHub repositories within hours.

GitHub Worm Hits npm Packages With 16M Downloads

A GitHub Actions cache poisoning attack enabled malicious npm packages to pass provenance checks, while a dead-man’s switch wipes developer machines if the npm token is revoked.

6 hours ago

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon used forged CI workflow commits to exfiltrate CI secrets, cloud credentials, tokens, keys, and configuration data from thousands of GitHub repositories within hours.

#software-supply-chain-attacks

GitHub Worm Hits npm Packages With 16M Downloads

A GitHub Actions cache poisoning attack enabled malicious npm packages to pass provenance checks, while a dead-man’s switch wipes developer machines if the npm token is revoked.

more#github-actions

fromArs Technica

9 hours ago

A hacker group is poisoning open source code at an unprecedented scale

TeamPCP has carried out frequent software supply chain attacks by corrupting legitimate tools, including a GitHub breach via a poisoned VSCode extension, compromising thousands of repositories.

fromWIRED

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Hackers used a poisoned VSCode extension to compromise thousands of GitHub repositories, spreading malware through open source tools and extorting victims.

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

A compromised npm maintainer account pushed trojanized @antv and related packages, embedding credential-stealing code and creating significant downstream exposure for auto-updating dependencies.

fromArs Technica

9 hours ago

A hacker group is poisoning open source code at an unprecedented scale

TeamPCP has carried out frequent software supply chain attacks by corrupting legitimate tools, including a GitHub breach via a poisoned VSCode extension, compromising thousands of repositories.

fromWIRED

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Hackers used a poisoned VSCode extension to compromise thousands of GitHub repositories, spreading malware through open source tools and extorting victims.

more#software-supply-chain-attacks

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

A compromised npm maintainer account pushed trojanized @antv and related packages, embedding credential-stealing code and creating significant downstream exposure for auto-updating dependencies.

#cisco-secure-workload

13 hours ago

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

A maximum-severity flaw in Cisco Secure Workload allows unauthenticated remote attackers to access sensitive data and change configurations across tenant boundaries.

Cisco Secure Workload vulnerability can be exploited via API call

A critical unauthenticated flaw in Cisco Secure Workload internal REST APIs grants full Site Admin privileges, enabling cross-tenant data access and configuration changes.

13 hours ago

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

A maximum-severity flaw in Cisco Secure Workload allows unauthenticated remote attackers to access sensitive data and change configurations across tenant boundaries.

more#cisco-secure-workload

Cisco Secure Workload vulnerability can be exploited via API call

A critical unauthenticated flaw in Cisco Secure Workload internal REST APIs grants full Site Admin privileges, enabling cross-tenant data access and configuration changes.

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal detects active exploitation attempts for CVE-2026-9082, a PostgreSQL-backed SQL injection flaw, and warns that attackers may quickly escalate from probing to impact.

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

CVE-2026-9082 enables unauthenticated arbitrary SQL injection on Drupal sites using PostgreSQL, potentially leading to privilege escalation and remote code execution.

2 hours ago

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal detects active exploitation attempts for CVE-2026-9082, a PostgreSQL-backed SQL injection flaw, and warns that attackers may quickly escalate from probing to impact.

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

CVE-2026-9082 enables unauthenticated arbitrary SQL injection on Drupal sites using PostgreSQL, potentially leading to privilege escalation and remote code execution.

Why CISA Accepting KEV Nominations Is So Important

CISA will accept standardized public nominations for KEV catalog entries to improve early discovery, responsible communication, and rapid mitigation of exploited vulnerabilities.

Zscaler acquires AI security firm Symmetry Systems

Zscaler acquires Symmetry Systems to add access graph technology that maps AI agent and application access, permissions used, and data flows for stronger Zero Trust security.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CVE-2026-34926 is a patched Apex One directory traversal flaw exploited in the wild, requiring admin access and affecting on-premises deployments.

14 hours ago

Cisco used AI to write security incident reports, with mixed results

Large language models can draft incident reports faster but can produce inaccuracies, hallucinations, and cross-contaminated content without careful prompting and controls.

2 hours ago

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter targets Ukrainian government organizations using Prometheus-themed phishing lures, delivering JavaScript that writes encrypted payloads, collects system data, and runs Cobalt Strike.

4 hours ago

Polymarket Suffers $700K Breach After Internal Admin Wallet is Compromised

Polymarket lost about $700K in POL after an internal private key compromise, but user funds and market resolution functions remain safe while keys are moved to KMS.

12 hours ago

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments.

Information security

The AI that cracked Apple Silicon is only the beginning

AI can augment security research and also help attackers find hard-to-find vulnerabilities, increasing risk as capabilities improve.

Even Claude agrees: hole in its sandbox was real and dangerous

Two Claude Code network sandbox bypasses were silently fixed without CVE or advisory, enabling attacker-controlled code execution and exfiltration of sandbox-accessible credentials and data.

3 hours ago

The AI that cracked Apple Silicon is only the beginning

AI can augment security research and also help attackers find hard-to-find vulnerabilities, increasing risk as capabilities improve.

Even Claude agrees: hole in its sandbox was real and dangerous

Two Claude Code network sandbox bypasses were silently fixed without CVE or advisory, enabling attacker-controlled code execution and exfiltration of sandbox-accessible credentials and data.

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

Windows kernel driver vulnerabilities can remain reachable from user mode even without the original hardware, enabling exploitability evaluation for hardware-gated code.

'First VPN' Cybercrime Service Disrupted, Administrator Arrested

Law enforcement disrupted First VPN, a cybercrime service used for ransomware and intrusions, dismantling servers, arresting an alleged administrator, and notifying 506 users.

Police op targets VPN service favoured by ransomware gangs | Computer Weekly

A major VPN used by cyber criminals for anonymity, fraud, ransomware, and data exfiltration was dismantled in Operation Saffron with Europol and Bitdefender support.

10 hours ago

'First VPN' Cybercrime Service Disrupted, Administrator Arrested

Law enforcement disrupted First VPN, a cybercrime service used for ransomware and intrusions, dismantling servers, arresting an alleged administrator, and notifying 506 users.

Police op targets VPN service favoured by ransomware gangs | Computer Weekly

A major VPN used by cyber criminals for anonymity, fraud, ransomware, and data exfiltration was dismantled in Operation Saffron with Europol and Bitdefender support.

Strategies, Expert Insights from the 2026 Verizon DBIR

Software vulnerabilities became the leading access method, mobile attacks rose, and generative AI is accelerating exploitation and expanding breach patterns.

When Identity is the Attack Path

Identity-based credentials and permissions act as an internal attack highway, enabling lateral movement and access to critical workloads after a foothold.

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

Attacks increasingly use trusted systems and normal workflows, with AI enabling faster, harder-to-detect intrusion tooling and tunneling into internal networks.

Security Leaders Should Prepare for World Cup Scams

Cybercriminals may exploit the 2026 World Cup to launch scams, using AI and deepfakes, while employee device misuse can turn attackers into insider threats.

Information security

Anthropic Silently Patches Claude Code Sandbox Bypass

fromTechCrunch

Information security

GitHub says hackers stole data from thousands of internal repositories | TechCrunch

Information security

Financial Services, Cybersecurity and the Evolving Threat Landscape

Information security

Bulgaria fires up Google Cloud for national cyber security | Computer Weekly

Information security

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Security Leaders Should Prepare for World Cup Scams

Cybercriminals may exploit the 2026 World Cup to launch scams, using AI and deepfakes, while employee device misuse can turn attackers into insider threats.

Anthropic Silently Patches Claude Code Sandbox Bypass

Two Claude Code network sandbox bypasses could have enabled outbound connections to unapproved hosts, but fixes were released, including a null-byte SOCKS5 issue.

fromTechCrunch

GitHub says hackers stole data from thousands of internal repositories | TechCrunch

Attackers compromised an employee device via a poisoned VS Code extension and stole data from about 3,800 internal GitHub repositories.

Financial Services, Cybersecurity and the Evolving Threat Landscape

Financial institutions can manage accelerating cyber threats by integrating resilience into daily operations, strengthening governance and risk management, and leveraging collaboration.

Bulgaria fires up Google Cloud for national cyber security | Computer Weekly

Bulgaria deployed Google Cloud Cybershield to centralize AI-powered cyber intelligence and telemetry, reducing detection and response time across government entities.

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Breach impact was limited to Grafana Labs GitHub repositories, with no evidence of customer production systems or Grafana Cloud operations being compromised.

New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most

Vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are driving breaches, while human error remains a major factor.

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Unauthenticated crafted API requests can grant Site Admin privileges, enabling cross-tenant data access and configuration changes in Cisco Secure Workload.

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Velocity without visibility creates a supply chain cybersecurity crisis as exploitation outpaces patching and only a small subset of CVEs is truly exploitable.

Microsoft Open-Sources RAMPART and Clarity to Bring Agent Safety Into the Dev Workflow - DevOps.com

AI agents now perform real actions across systems, requiring continuous safety engineering beyond one-time checks.

OKX's Gracie Lin Says AI Agents Need Sub-Cent Payments as Bank Rails Slow Tasks

AI agents will trigger CAPTCHAs and MFA blocks, turning web security designed for humans into checkout roadblocks for autonomous commerce.

Microsoft Open-Sources RAMPART and Clarity to Bring Agent Safety Into the Dev Workflow - DevOps.com

AI agents now perform real actions across systems, requiring continuous safety engineering beyond one-time checks.

OKX's Gracie Lin Says AI Agents Need Sub-Cent Payments as Bank Rails Slow Tasks

AI agents will trigger CAPTCHAs and MFA blocks, turning web security designed for humans into checkout roadblocks for autonomous commerce.

Google's Surge in Chrome Vulnerability Discoveries Likely Driven by AI

Chrome vulnerability counts reported by Google surged from single digits to 100 within weeks, likely aided by AI-driven testing and remediation automation.

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Defender privilege escalation and denial-of-service vulnerabilities are actively exploited, and fixes are available via updated Defender Antimalware Platform versions and definition updates.

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft released patches for two Microsoft Defender vulnerabilities exploited in the wild, adding them to CISA’s KEV list with a June 3 patch deadline.

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft released patches for two Microsoft Defender vulnerabilities exploited in the wild, adding them to CISA’s KEV list with a June 3 patch deadline.

more#microsoft-defender

Microsoft storms RAMPART, adds Clarity to agentic AI safety

RAMPART and another open-source tool help teams test, measure, and mitigate risks in agentic AI through automated red-teaming in CI/CD pipelines.

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

RAMPART and Clarity provide open-source tools for testing AI agents’ safety and security and for pressure-testing assumptions early in development.

Microsoft storms RAMPART, adds Clarity to agentic AI safety

RAMPART and another open-source tool help teams test, measure, and mitigate risks in agentic AI through automated red-teaming in CI/CD pipelines.

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

RAMPART and Clarity provide open-source tools for testing AI agents’ safety and security and for pressure-testing assumptions early in development.

more#ai-agent-security

fromTechRepublic

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Fox Tempest abused Azure Artifact Signing to generate fraudulent code-signing certificates, enabling malware and ransomware to appear trusted and evade defenses.

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Showboat is a modular Linux post-exploitation malware used against a Middle East telecom provider, providing remote shell, file transfer, and SOCKS5 proxy capabilities.

23 hours ago

Npm registry sets stage for more secure package publishing

GitHub added staged (gated) publishing for npm packages, requiring maintainer review and 2FA approval before staged releases become public.

23 hours ago

Threat hunters find Google API keys still usable 23 minutes after deletion

Deleted Google API keys can remain usable for up to 23 minutes, enabling attackers to run requests and incur charges before revocation propagates.

Microsoft is working on a patch for 'YellowKey' attack on Bitlocker, offers temporary fix

“Organizations should start by auditing their environment for the conditions that exist that leave them vulnerable to YellowKey,” said Eric Grenier, senior director analyst at Gartner. “They should also have a clear understanding of their risk acceptance in the case of a lost/stolen device and, based on that acceptance (or non-acceptance), follow the steps such as customizing Secure Boot and ensuring firmware and Boot integrity.”.

Information security

Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach

More than 46,000 Myspace93 users had plaintext usernames and passwords exposed after a 2021 breach involving unencrypted credential storage.

Zombie user account let hackers control the city's water

Unfortunately, even though Greg was no longer around, his account was, and it retained extensive privileges, including domain admin rights, SCADA (Supervisory Control and Data Acquisition) operator access, and even the ability to perform help desk functions. It's unclear if someone from auditing ever needed this level of access, but a former employee definitely did not.

Information security

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal released security updates for a highly critical PostgreSQL-only Drupal Core vulnerability that can enable remote code execution, privilege escalation, or information disclosure.

Ocean Emerges From Stealth With $28M for Agentic Email Security Platform

Ocean raised $28M to deploy AI agents that analyze every email for hidden malicious intent and automate security triage and employee guidance.

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Agentic AI collapses attacker cost and expertise, making all apps primary targets and turning app publication into an immediate security exposure event.

Ocean Emerges From Stealth With $28M for Agentic Email Security Platform

Ocean raised $28M to deploy AI agents that analyze every email for hidden malicious intent and automate security triage and employee guidance.

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Agentic AI collapses attacker cost and expertise, making all apps primary targets and turning app publication into an immediate security exposure event.

more#agentic-ai

fromThe Cipher Brief

fromHarvard Business Review

Iran's Digital War Machine Targeting U.S. Infrastructure

Israel wiped out a major military hub in southeastern Tehran, a site that Western intel says was the nerve center for the IRGC. The facility didn't just house the Quds Force and Basij; it served as the literal "brain" for Iran's global hacking campaigns and internal security operations.

Information security

The Case for Hiring a Chief Resilience Officer

Disruptions cause the most damage through cascading failures across connected systems, halting operations, delaying services, harming customers, and triggering financial and regulatory impacts.

fromZDNET

How AI can trick you into making fake payments - 5 red flags

AI-accelerated scams are rapidly increasing consumer harm by compressing fraud cycles and shifting fraud toward social engineering that tricks people into authorizing malicious actions.

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed source code and organizations for sale, while monitoring for customer impact.

Agent AI is Coming. Are You Ready?

Identity dark matter now exceeds visible identity elements, increasing the risk that AI agents bypass access controls through shortcuts and credential misuse.

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials

An integration enables OpenAI Codex coding agents to use enterprise credentials without exposing secrets in prompts, code, repositories, terminals, or model context.

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Webworm uses Discord and Microsoft Graph API for command-and-control, deploying new backdoors in 2025 and blending malware via a WordPress-impersonating GitHub repository.

Vulnerabilities are the number one cause of data breaches for the first time

Exploiting vulnerabilities is now the leading entry point for data breaches, while AI accelerates exploitation and expands risks from shadow AI, supply chains, and mobile attacks.

Vulnerability exploitation now primary origin of data breaches | Computer Weekly

About 31% of breaches start with exploitation of unpatched software vulnerabilities, driven by AI-enabled faster weaponization, requiring stronger risk management and patch readiness.

Vulnerabilities are the number one cause of data breaches for the first time

Exploiting vulnerabilities is now the leading entry point for data breaches, while AI accelerates exploitation and expands risks from shadow AI, supply chains, and mobile attacks.

Vulnerability exploitation now primary origin of data breaches | Computer Weekly

About 31% of breaches start with exploitation of unpatched software vulnerabilities, driven by AI-enabled faster weaponization, requiring stronger risk management and patch readiness.

Mobile phishing is a bigger threat than email now - how to stay protected

Mobile phishing and social engineering are increasing faster than email phishing, with higher click-through rates, requiring mobile-focused training and protections.

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains embedded in third-party scripts evade firewalls, WAFs, EDR, and CSP, requiring detection that observes executed browser behavior.

Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft

SHub Reaper macOS infostealer uses brand-spoofing and social engineering to steal passwords, browser data, crypto data, and business files while maintaining stealth persistence.

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

Reaper macOS infostealer spoofs major trusted brands, uses Script Editor to bypass Terminal defenses, then steals password-manager credentials and crypto-wallet access.

fromTechRepublic

Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft

SHub Reaper macOS infostealer uses brand-spoofing and social engineering to steal passwords, browser data, crypto data, and business files while maintaining stealth persistence.

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

Reaper macOS infostealer spoofs major trusted brands, uses Script Editor to bypass Terminal defenses, then steals password-manager credentials and crypto-wallet access.

more#macos-malware

fromTNW | Data-Security

QIZ Security and Google Cloud partner on quantum-safe encryption

QIZ Security and Google Cloud collaborate to accelerate enterprise migration to quantum-resistant cryptography by providing unified visibility into cryptographic risk across hybrid environments.

1Password Allies With OpenAI to Secure Codex AI Coding Tool - DevOps.com

Codex credentials are issued just-in-time via an MCP server so secret values never appear in code, terminals, model context, or disk.

Caught Off Guard: Securing AI After It Hits Production

Security teams must be involved early in the software development lifecycle to prevent reactive, afterthought security failures as AI use cases move to production.

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft disrupted a malware-signing-as-a-service operation using Artifact Signing, seizing infrastructure and blocking access to stop ransomware and other attacks.

fromArs Technica

Google publishes exploit code threatening millions of Chromium users

Unfixed Chromium vulnerability lets websites exploit Browser Fetch to monitor activity, proxy browsing, and enable denial-of-service, potentially turning many devices into a botnet.

Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

Microsoft seized websites and took down a code-signing certificate service used to make ransomware and malware appear legitimate, infecting thousands of US machines including Microsoft-owned systems.

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft released a mitigation for the YellowKey BitLocker bypass vulnerability (CVE-2026-45585) affecting multiple Windows 11 and Windows Server 2025 versions.

fromGameSpot

Your Nvidia GPU Needs A Driver Update Right Now, Unless You Enjoy Surprise Malware DLC

Update Nvidia GPU display drivers to address a Windows and Linux driver vulnerability that could enable unauthorized access, data theft, or malicious code injection.

fromMail Online

Warning to Gmail users over fake 'friend' invites stealing accounts

Phishing emails disguised as trusted e-invitations can steal Google credentials or install malware after users click RSVP links.

GitHub Breached, Internal Repositories Exposed

An unauthorized actor accessed GitHub internal repositories via a compromised employee device and an impacted VS Code extension, with TeamPCP claiming responsibility and selling access data.

Real-World ICS Security Tales From the Trenches

ICS and OT environments contain hidden risks and real-world complexities that standard testing and policies often fail to reveal.

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity."

Information security

Microsoft Rolls Out Mitigations for 'YellowKey' BitLocker Bypass

YellowKey enables physical attackers to bypass BitLocker by spawning a shell in recovery mode, and Microsoft provides mitigations to restore WinRE protection.

fromInfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said.

Information security

Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution

Quantum Bridge announced on Wednesday that it has raised $8 million in Series A funding for its quantum-safe key distribution solution. The new funding, which brings the total raised by the company to $16 million, was supported by Wayra (Telefónica), Cadenza VC, Club degli Investitori angels, HPE, and Bacchus Venture Capital.

Information security

Shadow AI invades the workplace, up 4x in the last year

Unauthorized personal accounts are increasingly used to access workplace AI tools, driving a surge in non-malicious insider risk and potential proprietary data exposure.

The New Phishing Click: How OAuth Consent Bypasses MFA

EvilTokens used OAuth consent to steal refresh tokens, bypassing MFA and avoiding sign-in detection by exploiting routine user clicks on microsoft.com/devicelogin.

Assume autonomy: Why security teams need to rethink defence at machine speed | Computer Weekly

Cybersecurity must shift from human-speed assumptions to an Assume Autonomy mindset, because AI enables autonomous discovery, exploitation, and lateral movement faster than current defenses.

fromInfoWorld

GitHub scales back bug bounties, reminds users security is their responsibility too

Security reports should show real security impact caused by GitHub, not user choices or hardening/documentation issues, and AI use is encouraged.

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Trapdoor uses malicious Android apps and malvertising to drive installs, hidden WebViews, and HTML5 ad requests, generating self-sustaining fraud revenue.

fromTNW | Anthropic