Security news.
Today's security news highlights significant law enforcement actions against cybercrime, with arrests made in connection to the Kimwolf botnet and the disruption of the "First VPN" service. Additionally, critical vulnerabilities are being addressed across various platforms, including Ubiquiti UniFi OS, Cisco Secure Workload, and Trend Micro Apex One, with CISA adding several to its Known Exploited Vulnerabilities catalog.
Megalodon GitHub Attack Targets 5,561 Repositories
A new automated campaign, "Megalodon," pushed 5,718 malicious commits to 5,561 GitHub repositories, injecting GitHub Actions workflows with base64-encoded bash payloads to exfiltrate CI data.
Trend Micro Patches Apex One Zero-Day Exploited in the Wild
Trend Micro has released a patch for CVE-2026-34926, a directory traversal flaw in the on-premise version of Apex One that has been actively exploited.
Kimwolf DDoS Botnet Operator Arrested in Canada
Jacob Butler, 23, has been arrested in Canada and charged by US authorities for allegedly operating the Kimwolf DDoS botnet, which infected nearly two million devices.
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
The FBI announced the disruption of "First VPN," a service allegedly used by dozens of ransomware groups for network reconnaissance and intrusions, leading to the arrest of its administrator.
Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilities
Ubiquiti has released security updates to address three maximum severity vulnerabilities in UniFi OS that could allow unprivileged remote attackers to exploit systems.
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw
Cisco has released updates for a critical vulnerability (CVE-2026-20223, CVSS 10.0) in Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data due to insufficient validation and authentication.
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Hackers accessed Grafana’s GitHub repositories and stole codebase and other data after a token compromised in the TanStack attack was not rotated.
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
The Chinese APT group "Webworm" is reportedly using Discord and Microsoft Graphs, along with SOCKS proxies, to target EU governments.