Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as ‘Nightmare Eclipse,’ who described it as a backdoor and published a proof-of-concept (PoC) exploit. Nightmare Eclipse said that exploiting this zero-day involves placing specially […]
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. GitHub’s cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million code […]
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. Microsoft tracks the actor as Storm-2949 and says that the purpose of the attacks is “to exfiltrate as much sensitive data from a target organization’s high-value assets as possible.” Storm-2949 used social engineering […]
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping. However, popular packages outside this namespace have also been […]
7-Eleven confirms data breach claimed by the ShinyHunters gang
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. Founded in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 stores globally, including 13,000 stores in the U.S. and Canada, while its 7Rewards and Speedy Rewards loyalty programs have more than 100 […]
Microsoft confirms patching issues in restricted Windows networks
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. In Windows network-restricted environments, ranging from fully isolated, air-gapped systems to strictly firewalled networks, affected systems will display error code 0x80010002 when updating through Windows Update. “Affected devices might be able to download the […]
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE). In addition to the arrests, authorities seized 53 […]
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. Dubbed Reaper, the new version steals sensitive browser data, collects documents and files that may contain financial details, and hijacks crypto wallet apps. Unlike earlier SHub campaigns that relied on “ClickFix” tactics, tricking users […]
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and […]
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet. Grafana Labs is the company behind Grafana, the […]