Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems…
Cyber Security
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP…
What It’ll Take to Make AI BOMs Usable in a Modern Security Program
Five ways CISOs can prepare for consuming AI Bill of Materials and influence the direction of how they’re generated.
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI…
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s “2026 Data Breach Investigations Report” (“DBIR”) finds that exploits are now involved in 31% of initial access for breaches,…
Windows Zero-Day Barrage Continues After Patch Tuesday
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.
CISA Exposes Secrets, Credentials in ‘Private’ Repo
The agency’s GitHub repository, publicly available since November 2025, was ironically named “Private-CISA.”
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to…
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The…
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could…