11 Jul, 2026

Ukraine identifies infostealer operator tied to 28,000 stolen accounts

The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions […]

2 mins read

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out. SonicWall warned in a security advisory for […]

3 mins read

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index, compromising developer environments, including Grafana’s. When the malicious […]

2 mins read

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it. ChromaDB is an open-source vector database and AI retrieval […]

2 mins read

Cybercrime service disrupted for abusing Microsoft platform to sign malware

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. According to a report published today by Microsoft Threat Intelligence, the threat actor tracked as Fox Tempest used the Microsoft Artifact Signing platform to create short-lived certificates […]

4 mins read

Discord rolls out end-to-end encryption on voice, video calls

Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). The implementation was completed in March. Extensive at-scale testing has given Discord the confidence to formally announce the E2EE deployment now, and to start removing client code that supports unencrypted fallback. Discord is a […]

2 mins read

FBI: Americans lost over $388 million to scams using crypto ATMs in 2025

The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. Cryptocurrency kiosks are physical, standalone electronic terminals (which may or may not require identity verification to prevent money laundering) that resemble bank ATMs and allow users to buy or sell crypto […]

2 mins read

Drupal critical update to fix bug with high exploitation risk

Drupal has announced a “core security release” scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. Administrators are urged to reserve time for core updates on May 20 between 17:00 and 21:00 UTC. Website administrators running versions 8 or 9 are strongly recommended to upgrade to at […]

1 min read

Exploit released for new PinTheft Arch Linux root escalation flaw

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel’s RDS (Reliable […]

3 mins read

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. “Yesterday we detected and contained a compromise of an employee device involving a poisoned […]

3 mins read