top of page
ALL POSTS
Megalodon Supply Chain Attack Compromises 5,561 GitHub Repositories in Six-Hour Blitz
Key Findings 5,718 malicious commits pushed to 5,561 GitHub repositories within a six-hour window on May 18, 2026 Attackers used forged identities (build-bot, auto-ci, ci-bot, pipeline-bot) and throwaway GitHub accounts to hide their tracks Malicious GitHub Actions workflows embedded base64-encoded bash payloads designed to exfiltrate sensitive credentials and secrets Two attack variants identified: SysDiag (broad reach, triggers on every push/pull request) and Optimize-Build
May 222 min read
Attackers Bypass MFA on SonicWall VPNs Due to Flawed Prior Patch
Key Findings SonicWall Gen6 SSL-VPN devices remain vulnerable to MFA bypass despite firmware patches because administrators are missing six required manual remediation steps CVE-2024-12802 exploitation observed in-the-wild between February and March 2026, leading to ransomware-related intrusions across multiple organizations Attackers successfully brute-forced VPN credentials and bypassed MFA, reaching internal file servers in some cases within 30 minutes Gen6 devices reached
May 222 min read
AI-Powered Exploitation Surge: Hackers Leverage Machine Learning in Nearly a Third of Recent Breaches, Verizon DBIR Warns
Key Findings AI-assisted vulnerability exploitation caused 31% of all breaches, overtaking stolen credentials as the primary initial access method for the first time in DBIR's 19-year history Generative AI has compressed the vulnerability exploitation window from months to just hours, collapsing traditional defense timelines Mobile-based social engineering attacks via voice and text achieve 40% higher success rates than email phishing Shadow AI tool usage among employees trip
May 213 min read
GitHub's 3,800 Internal Repositories Compromised Through Malicious VS Code Extension
Key Findings GitHub's internal repositories were compromised after an employee device was infected with a malicious Visual Studio Code extension Approximately 3,800 internal repositories were exfiltrated in the attack TeamPCP, a financially motivated hacking group, claimed responsibility and is selling the stolen data for around $95,000 GitHub confirmed it detected, contained and isolated the breach; no customer data outside internal repositories was affected Critical credent
May 202 min read
Drupal Emergency Security Update Alert: May 20 Critical Patch Required for All Sites
Key Findings Drupal Security Team releasing emergency core security update May 20, 5-9 p.m. UTC across all supported branches Vulnerability is severe enough that exploits could be developed within hours or days of patch release Update affects Drupal 11.3.x, 11.2.x, 10.6.x, and 10.5.x with best-effort patches for 11.1.x and 10.4.x End-of-life versions (Drupal 8 and 9) receiving manual patch files only, with no guarantees Drupal 7 is not affected by this vulnerability Backgroun
May 192 min read
Grafana Rejects Ransom Demand Following Source Code Theft in GitHub Breach
Key Findings Grafana Labs suffered a breach allowing attackers to download source code after compromising a GitHub token No customer data exposure or impact to customer systems was found during investigation An attacker demanded ransom in exchange for not releasing the stolen code Grafana rejected the extortion demand, citing FBI guidance against paying ransoms Compromised credentials have been revoked and new security safeguards implemented The company plans to release addit
May 182 min read
Grafana GitHub Token Breach Results in Codebase Theft and Extortion Plot
Key Findings Unauthorized party obtained a GitHub token granting access to Grafana's environment and downloaded company source code Attacker demanded ransom to prevent stolen code from being published; Grafana refused to pay No customer data, personal information, or impact to customer systems was identified CoinbaseCartel, a data extortion group that emerged in September 2025, has claimed responsibility Grafana invalidated compromised credentials and implemented additional s
May 172 min read
Critical CVE-2026-42897: Microsoft Exchange Server Zero-Day Under Active Exploitation
Key Findings Microsoft Exchange Server vulnerability CVE-2026-42897 is actively being exploited in the wild Cross-site scripting flaw with CVSS score of 8.1 enables spoofing and arbitrary JavaScript execution Vulnerability affects on-premises Exchange Server 2016, 2019, and Subscription Edition at any update level Exchange Online is not impacted Temporary mitigation available through Exchange Emergency Mitigation Service; permanent patch in development Attackers deliver explo
May 152 min read
TeamPCP Claims Sale of Mistral AI Repositories During Mini Shai-Hulud Attack
Key Findings TeamPCP-linked forum account claims to be selling roughly 5GB of internal Mistral AI repositories and source code The alleged archive contains approximately 450 repositories covering training systems, inference infrastructure, and enterprise AI projects No independent verification of the authenticity of the claimed repositories has been established The sale announcement surfaced days after Mini Shai-Hulud supply chain attacks compromised hundreds of npm and PyPI
May 133 min read
Quest KACE SMA Critical Vulnerability CVE-2025-32975 Exposes 60 Organizations to Directory Traversal Attacks
Key Findings CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE SMA with a maximum CVSS score of 10.0 An unpatched instance at managed services provider HIQ was exploited to compromise over 60 downstream organizations across law enforcement, healthcare, education, and government The attacker left a 308 MB toolkit and 512 MB database dump publicly accessible on an unprotected HTTP server for three days Over 12,000 internet-facing KACE appliances are
May 132 min read
Active Exploitation of cPanel CVE-2026-41940 Deploys Filemanager Backdoor Across 2,000+ Attacker IPs Globally
Key Findings Critical cPanel vulnerability CVE-2026-41940 (CVSS 9.3) is being actively exploited in the wild to deploy the Filemanager backdoor Over 2,000 malicious IPs from Germany, US, Brazil, Netherlands and other regions are conducting automated attacks Threat actor Mr_Rot13 has been linked to the campaign, with evidence of operations dating back to at least 2020 Exploitation has led to cryptomining, ransomware deployment, botnet propagation, and credential theft Southeas
May 123 min read
AI-Powered Zero-Day: Hackers' First Known 2FA Bypass Campaign Stopped by Google
Key Findings Google identified threat actors using an AI-generated zero-day exploit to bypass two-factor authentication on a web-based administration tool, marking the first confirmed use of AI in malicious vulnerability discovery in the wild The exploit was delivered as a Python script containing telltale signs of large language model generation, including excessive docstrings, fabricated CVSS scores, and textbook-style code formatting The vulnerability required valid user c
May 113 min read
Hackers Exploit DigiCert to Issue Malware-Signing Certificates
Key Findings DigiCert's support team was compromised on April 2, 2026 when a staff member opened malware disguised as a screenshot in a help chat Attackers obtained initialization codes for EV Code Signing certificates, which function as bearer credentials for issuing valid certificates At least 60 certificates were revoked after hackers used stolen credentials to sign the Zhong Stealer malware A second compromised endpoint with a malfunctioning CrowdStrike sensor allowed att
May 103 min read
Two US Men Imprisoned for Aiding North Korean Hackers in Infiltrating American Companies
Key Findings Two US men, Matthew Isaac Knoot and Erick Ntekereze Prince, sentenced to 18 months each for operating "laptop farms" that enabled North Korean hackers to infiltrate approximately 70 US companies The scheme generated over $1.2 million in illicit revenue, primarily funneled to North Korea's weapons of mass destruction programs Knoot's operation ran from July 2022 to August 2023; Prince's farm operated from June 2020 to August 2024 Victims incurred over $1.5 million
May 102 min read
JDownloader Site Compromised: Malicious Installers Distribute Python RAT Malware
Key Findings JDownloader's official website was compromised on May 6-7, allowing attackers to distribute malicious Windows and Linux installers The attack exploited an unpatched CMS vulnerability that allowed unauthorized modification of access control lists without authentication Only alternative installers were affected; macOS versions, core JAR files, and in-app updates remained secure due to separate infrastructure and cryptographic verification Users who downloaded compr
May 102 min read
Braintrust Security Breach Exposes Critical Vulnerabilities in AI Supply Chain
Key Findings Braintrust, an AI observability startup, suffered an unauthorized breach of an AWS account on May 4, 2026 Attackers potentially accessed API keys and secrets used to connect to cloud-based AI models One customer confirmed compromised, three additional customers reported suspicious AI usage spikes The breach exposes growing vulnerabilities in AI supply chains as attackers target platforms storing valuable credentials Threat actors can abuse AI services while appea
May 92 min read
ShinyHunters Breach Impacts Thousands of Universities Through Canvas LMS Vulnerability
Key Findings ShinyHunters claimed responsibility for breaching Instructure's Canvas LMS and defaced university login portals including canvas.vt.edu on Thursday The group claims to have exfiltrated 3.65TB of data from nearly 9,000 educational institutions affecting approximately 275 million users worldwide Exposed data includes names, email addresses, student ID numbers, and internal Canvas messages, but not passwords, financial records, or government IDs according to Instruc
May 83 min read
ClaudeBleed: Hackers Exploit Chrome Extension Vulnerability to Hijack Claude and Steal Data
Key Findings LayerX researchers discovered ClaudeBleed, a critical vulnerability in Claude's Chrome extension that allows any other browser extension to take full control of the AI assistant The flaw stems from improper message source verification, allowing malicious scripts to issue commands to Claude without user knowledge or consent Attackers can extract files from Google Drive, read private emails, send messages on behalf of users, and access GitHub repositories Anthropic
May 83 min read
Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation for Remote Code Execution
Key Findings Critical buffer overflow vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS is actively exploited in the wild CVSS score of 9.3 allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls Exploitation primarily targets User-ID Authentication Portals exposed to the internet or untrusted networks Patches begin rolling out May 13, 2026, with staggered availability across multiple PAN-OS versions Risk significantly r
May 62 min read
Microsoft Exposes Large-Scale Phishing Campaign Targeting 35,000 Users in 26 Countries
Key Findings Large-scale credential theft campaign targeted over 35,000 users across 26 countries between April 14-16, 2026 92% of targets were located in the U.S. across 13,000 organizations Healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology sectors (11%) were primary targets Attackers used legitimate email delivery services to distribute phishing messages disguised as internal code of conduct reviews Campaign employed..
May 54 min read
bottom of page
