11 Jul, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as ‘Nightmare Eclipse,’ who described it as a backdoor and published a proof-of-concept (PoC) exploit. Nightmare Eclipse said that exploiting this zero-day involves placing specially […]

3 mins read

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. GitHub’s cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million code […]

2 mins read

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping. However, popular packages outside this namespace have also been […]

6 mins read

7-Eleven confirms data breach claimed by the ShinyHunters gang

Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. Founded in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 stores globally, including 13,000 stores in the U.S. and Canada, while its 7Rewards and Speedy Rewards loyalty programs have more than 100 […]

3 mins read

Microsoft confirms patching issues in restricted Windows networks

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. In Windows network-restricted environments, ranging from fully isolated, air-gapped systems to strictly firewalled networks, affected systems will display error code 0x80010002 when updating through Windows Update. “Affected devices might be able to download the […]

2 mins read

INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers

More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE). In addition to the arrests, authorities seized 53 […]

1 min read

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. Dubbed Reaper, the new version steals sensitive browser data, collects documents and files that may contain financial details, and hijacks crypto wallet apps. Unlike earlier SHub campaigns that relied on “ClickFix” tactics, tricking users […]

4 mins read

Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and […]

3 mins read

Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet. Grafana Labs is the company behind Grafana, the […]

3 mins read