GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. "Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," the company said.
NYC Health + Hospitals (NYC H+H) posted a data breach notice about a months-long breach via a third-party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm-print biometrics. NYC H+H detected suspicious activity on February 2, 2026, and later confirmed that an unauthorized actor had access to parts of its network from roughly late November 2025 through February 2026.
When the FBI puts out a public service announcement that deliberately appears to avoid naming the company at the centre of the story, you can usually work out which one it is... On 15 May 2026, the FBI's Internet Crime Complaint Center (IC3) issued an advisory about the ShinyHunters extortion gang that recently breached "an online Learning Management System" used by educational institutions across the United States.
Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. Administrators are urged to reserve time for core updates on May 20 between 17:00 and 21:00 UTC. Website administrators running versions 8 or 9 are strongly recommended to upgrade to at least version 10.6. The Drupal content management system (CMS) is very popular among large organizations as well as in the government, education, and healthcare sectors.
Attackers couldn't get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday. The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects accounted for 31% of all known initial access vectors, jumping from 20% the previous year.
A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel's RDS (Reliable Datagram Sockets) and was patched earlier this month.
A threat group has been successfully exploiting a two-year-old vulnerability in SonicWall SSL-VPN appliances since February, despite the flaw being patched, according to a report released Tuesday by cybersecurity firm Reliaquest. The authentication bypass vulnerability, tracked as CVE-2024-12802, allows an attacker to bypass multifactor authentication (MFA) in SonicWall SSL-VPN appliances. Starting in February 2026, attackers were able to engage in brute-force attacks using automated tools...