top of page
ALL POSTS
AI-Powered Exploitation Surge: Hackers Leverage Machine Learning in Nearly a Third of Recent Breaches, Verizon DBIR Warns
Key Findings AI-assisted vulnerability exploitation caused 31% of all breaches, overtaking stolen credentials as the primary initial access method for the first time in DBIR's 19-year history Generative AI has compressed the vulnerability exploitation window from months to just hours, collapsing traditional defense timelines Mobile-based social engineering attacks via voice and text achieve 40% higher success rates than email phishing Shadow AI tool usage among employees trip
May 213 min read
GitHub's 3,800 Internal Repositories Compromised Through Malicious VS Code Extension
Key Findings GitHub's internal repositories were compromised after an employee device was infected with a malicious Visual Studio Code extension Approximately 3,800 internal repositories were exfiltrated in the attack TeamPCP, a financially motivated hacking group, claimed responsibility and is selling the stolen data for around $95,000 GitHub confirmed it detected, contained and isolated the breach; no customer data outside internal repositories was affected Critical credent
May 202 min read
Microsoft Dismantles Fox Tempest Malware-Signing Network
Key Findings Microsoft's Digital Crimes Unit dismantled Fox Tempest, a malware-signing-as-a-service operation that created over 1,000 fraudulent certificates The service enabled threat actors to sign malware with short-lived Microsoft certificates, making malicious files appear legitimate Fox Tempest charged between $5,000 and $9,000 for access to its signing platform, with higher tiers offering priority service The operation supported major ransomware families including Rhys
May 202 min read
Grafana Rejects Ransom Demand Following Source Code Theft in GitHub Breach
Key Findings Grafana Labs suffered a breach allowing attackers to download source code after compromising a GitHub token No customer data exposure or impact to customer systems was found during investigation An attacker demanded ransom in exchange for not releasing the stolen code Grafana rejected the extortion demand, citing FBI guidance against paying ransoms Compromised credentials have been revoked and new security safeguards implemented The company plans to release addit
May 182 min read
Grafana GitHub Token Breach Results in Codebase Theft and Extortion Plot
Key Findings Unauthorized party obtained a GitHub token granting access to Grafana's environment and downloaded company source code Attacker demanded ransom to prevent stolen code from being published; Grafana refused to pay No customer data, personal information, or impact to customer systems was identified CoinbaseCartel, a data extortion group that emerged in September 2025, has claimed responsibility Grafana invalidated compromised credentials and implemented additional s
May 172 min read
OpenAI Targeted in TanStack npm Supply Chain Attack: What You Need to Know
Key Findings OpenAI confirmed that two employee devices were compromised in the TanStack supply chain attack, exposing limited credential material from internal source code repositories The TeamPCP hacking group distributed 84 malicious packages through the TanStack ecosystem using the Mini Shai-Hulud worm, which exploited GitHub Actions OIDC tokens and generated valid SLSA Level 3 attestations Code-signing certificates for iOS, macOS, Windows, and Android applications were e
May 163 min read
Abrigo - 711,099 Accounts Breached
Key Findings ShinyHunters group conducted "pay or leak" extortion campaigns against at least two major companies in April 2026 Abrigo suffered a breach exposing 711,099 records from its Salesforce instance, containing business contact information Canada Life experienced a separate incident resulting in 237,810 breached records including customer personal data Both breaches involved similar extortion tactics followed by public data release when demands were not met Combined in
May 142 min read
TeamPCP Claims Sale of Mistral AI Repositories During Mini Shai-Hulud Attack
Key Findings TeamPCP-linked forum account claims to be selling roughly 5GB of internal Mistral AI repositories and source code The alleged archive contains approximately 450 repositories covering training systems, inference infrastructure, and enterprise AI projects No independent verification of the authenticity of the claimed repositories has been established The sale announcement surfaced days after Mini Shai-Hulud supply chain attacks compromised hundreds of npm and PyPI
May 133 min read
Quest KACE SMA Critical Vulnerability CVE-2025-32975 Exposes 60 Organizations to Directory Traversal Attacks
Key Findings CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE SMA with a maximum CVSS score of 10.0 An unpatched instance at managed services provider HIQ was exploited to compromise over 60 downstream organizations across law enforcement, healthcare, education, and government The attacker left a 308 MB toolkit and 512 MB database dump publicly accessible on an unprotected HTTP server for three days Over 12,000 internet-facing KACE appliances are
May 132 min read
Active Exploitation of cPanel CVE-2026-41940 Deploys Filemanager Backdoor Across 2,000+ Attacker IPs Globally
Key Findings Critical cPanel vulnerability CVE-2026-41940 (CVSS 9.3) is being actively exploited in the wild to deploy the Filemanager backdoor Over 2,000 malicious IPs from Germany, US, Brazil, Netherlands and other regions are conducting automated attacks Threat actor Mr_Rot13 has been linked to the campaign, with evidence of operations dating back to at least 2020 Exploitation has led to cryptomining, ransomware deployment, botnet propagation, and credential theft Southeas
May 123 min read
Critical Ollama GGUF Loader Vulnerability Exposes Sensitive Process Memory to Remote Attackers
Key Findings CVE-2026-7482 (CVSS 9.1) affects Ollama versions before 0.17.1, impacting an estimated 300,000+ servers globally Out-of-bounds read in GGUF model loader allows unauthenticated remote attackers to leak entire process memory Vulnerability enables exfiltration of API keys, environment variables, system prompts, and user conversation data Two additional Windows update flaws (CVE-2026-42248 and CVE-2026-42249) enable persistent code execution but remain unpatched Olla
May 113 min read
Hackers Exploit DigiCert to Issue Malware-Signing Certificates
Key Findings DigiCert's support team was compromised on April 2, 2026 when a staff member opened malware disguised as a screenshot in a help chat Attackers obtained initialization codes for EV Code Signing certificates, which function as bearer credentials for issuing valid certificates At least 60 certificates were revoked after hackers used stolen credentials to sign the Zhong Stealer malware A second compromised endpoint with a malfunctioning CrowdStrike sensor allowed att
May 103 min read
JDownloader's Official Site Distributes Malware to Windows and Linux Users in Major Supply Chain Attack
Key Findings JDownloader's official website was compromised between May 6-7, 2026, serving malicious installers to Windows and Linux users instead of legitimate software Attackers deployed a Python-based remote access trojan (RAT) that gave them remote control over infected systems, with an 8-minute execution delay The breach was limited to the Windows "Alternative Installer" and Linux shell installer; macOS, in-app updates, and package managers remained unaffected Attackers
May 103 min read
Braintrust Security Breach Exposes Critical Vulnerabilities in AI Supply Chain
Key Findings Braintrust, an AI observability startup, suffered an unauthorized breach of an AWS account on May 4, 2026 Attackers potentially accessed API keys and secrets used to connect to cloud-based AI models One customer confirmed compromised, three additional customers reported suspicious AI usage spikes The breach exposes growing vulnerabilities in AI supply chains as attackers target platforms storing valuable credentials Threat actors can abuse AI services while appea
May 92 min read
ShinyHunters Breach Impacts Thousands of Universities Through Canvas LMS Vulnerability
Key Findings ShinyHunters claimed responsibility for breaching Instructure's Canvas LMS and defaced university login portals including canvas.vt.edu on Thursday The group claims to have exfiltrated 3.65TB of data from nearly 9,000 educational institutions affecting approximately 275 million users worldwide Exposed data includes names, email addresses, student ID numbers, and internal Canvas messages, but not passwords, financial records, or government IDs according to Instruc
May 83 min read
ClaudeBleed: Hackers Exploit Chrome Extension Vulnerability to Hijack Claude and Steal Data
Key Findings LayerX researchers discovered ClaudeBleed, a critical vulnerability in Claude's Chrome extension that allows any other browser extension to take full control of the AI assistant The flaw stems from improper message source verification, allowing malicious scripts to issue commands to Claude without user knowledge or consent Attackers can extract files from Google Drive, read private emails, send messages on behalf of users, and access GitHub repositories Anthropic
May 83 min read
US Cybersecurity Experts Face Prison Time in Major Ransomware Conspiracy Case
Key Findings Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, sentenced to four years in prison for supporting BlackCat ransomware attacks Both pleaded guilty to conspiracy and extortion charges related to attacks between April and December 2023 Third accomplice Angelo Martino pleaded guilty and awaits sentencing scheduled for July 9 The trio deployed ALPHV BlackCat ransomware against multiple US victims and extorted approximately $1.2 million in Bitcoin De
May 32 min read
Google AppSheet Used to Compromise 30,000 Facebook Accounts in Phishing Campaign
Key Findings Vietnamese-linked operation "AccountDumpling" compromised over 30,000 Facebook accounts using Google AppSheet infrastructure Phishing emails bypassed authentication checks by originating from legitimate Google servers (noreply@appsheet.com and appsheet.bounces.google.com) Four distinct attack clusters employed different social engineering methods including fake help centers, incentive offers, interactive PDFs, and fake job recruitment Stolen data funneled through
May 23 min read
Jerry's Store Data Breach Exposes 345,000 Stolen Payment Cards from Misconfigured Hacker Server
Key Findings Jerry's Store, a carding service used by criminals to validate stolen payment cards, exposed 345,000 payment card records through a misconfigured server Approximately 145,000 cards were marked as valid and worth an estimated $1 million to $2.6 million on dark web markets The leak resulted from flawed code generated by Cursor, an AI coding tool, which created an unauthenticated web directory instead of a secure dashboard Sensitive cardholder data including card nu
May 13 min read
Former Cybersecurity Professionals Sentenced to 4 Years for BlackCat Ransomware Attacks
Key Findings Ryan Goldberg and Kevin Martin sentenced to four years in prison each for facilitating BlackCat ransomware attacks in 2023 Both defendants were employed in legitimate cybersecurity roles at the time of their crimes The pair, along with co-conspirator Angelo Martino, extorted approximately $1.3 million from a medical company in a single attack Goldberg fled to Europe after being interviewed by the FBI but was tracked across 10 countries and arrested in Mexico City
May 13 min read
bottom of page
