1. GitHub is investigating a breach of approximately 3800 internal repositories after an employee installed a malicious VS Code extension (The Hacker News).
2. Microsoft released a mitigation for the YellowKey BitLocker bypass vulnerability tracked as CVE-2026-45585 (The Hacker News).
3. Grafana Labs confirmed a breach of its internal GitHub environment involving source code, though customer production systems remain unaffected (The Hacker News).
4. The threat actor group TeamPCP claimed responsibility for the GitHub breach and attempted to sell internal source code on a cybercrime forum (Bleeping Computer).
5. A max severity vulnerability in ChromaDB allows unauthenticated attackers to perform remote code execution and server hijacking (Bleeping Computer).
6. Researchers identified the Trapdoor ad fraud operation which utilized 455 malicious Android applications to facilitate large scale ad fraud (The Hacker News).
7. The Phishing as a Service platform EvilTokens has successfully bypassed MFA for over 340 Microsoft 365 organizations using OAuth consent phishing (The Hacker News).
8. A proof of concept exploit for the DirtyDecrypt Linux kernel local privilege escalation vulnerability has been released (The Hacker News).
9. ShinyHunters and other extortion groups are targeting organizations like Canvas, prompting FBI warnings regarding potential future ransomware attacks (Bitdefender).
10. A vulnerability in ZTE routers tracked as CVE-2026-34473 allows unauthenticated denial of service attacks affecting over 140000 devices (Reddit).
11. Over 300 npm packages were found to be infected following a supply chain compromise involving an account takeover (Reddit).
12. Over 6000 automatic tank gauges were identified as exposed to the internet without any authentication (Reddit).
13. Drupal announced an urgent core security update scheduled for release on May 20 2026 due to potential exploit development (The Hacker News).
14. A report by Verizon indicates that exploits are now involved in 31 percent of initial access for data breaches (Dark Reading).
15. Interpol coordinated Operation Ramz involving 13 countries in the Middle East to combat regional cybercrime (Dark Reading).
Be First to Comment