← Latest brief

Security news.

·Morning Brief

Today's threat landscape is dominated by critical infrastructure breaches and zero-day exploits. GitHub suffered a major breach exposing 3,800+ internal repositories via a malicious VS Code extension, while Drupal faces an imminent critical vulnerability with high exploitation risk. Supply chain attacks continue to escalate, with 320+ NPM packages compromised and multiple AI/developer tools targeted.

BLEEPINGBREACH
May 20READ

GitHub Confirms Breach of 3,800 Internal Repos via Malicious VS Code Extension

The TeamPCP hacking group accessed GitHub's internal repositories after a GitHub employee installed a poisoned VS Code extension, exposing source code and internal organizations.

BLEEPINGPATCH
May 20READ

Drupal Critical Update Scheduled for Today to Fix High-Risk Vulnerability

Drupal is releasing a "core security release" today with warnings that threat actors may develop exploits within hours of disclosure.

SECURITYWEEKSUPPLY CHAIN
May 20READ

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious versions across the @antv namespace, affecting hundreds of packages.

THNPHISHING
May 19READ

EvilTokens Phishing-as-a-Service Compromises 340+ Microsoft 365 Organizations via OAuth Consent Bypass

The PhaaS platform bypasses MFA by abusing OAuth consent screens, compromising organizations across five countries within five weeks of launch.

SECURITYWEEKPATCH
May 20READ

Anthropic Silently Patches Claude Code Sandbox Bypass

A researcher discovered the vulnerability could be chained with prompt injection to exfiltrate data from the AI platform.

BLEEPINGBREACH
May 19READ

Max-Severity Flaw in ChromaDB for AI Apps Allows Server Hijacking

A critical vulnerability in ChromaDB's Python FastAPI version allows unauthenticated attackers to execute arbitrary code on exposed servers.

BLEEPINGBREACH
May 20READ

Exploit Released for PinTheft Arch Linux Root Escalation Flaw

A publicly available PoC exploit now exists for the recently patched Linux privilege escalation vulnerability, allowing local attackers to gain root access.

THNPATCH
May 20READ

Microsoft Releases Mitigation for YellowKey BitLocker Bypass (CVE-2026-45585)

Microsoft released a mitigation for the publicly disclosed zero-day BitLocker security feature bypass with a CVSS score of 6.8.

Generated twice daily from public security RSS feeds. Informational only.