🔥Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is...
🔥GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal...
📰CISA credential leak raises alarms, and Capitol Hill demands answers
A researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed. The post CISA credential leak raises alarms, and Capitol Hill demands answers appeared first...
📰Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide. The post Attackers hit...
🔥Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and...
📰Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines. The post Mini...
📰Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. The post Microsoft disrupts cybercrime...
🔥DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka...
🔥The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The...
🖥️« Infostealers » : comment vos mots de passe sont vendus quotidiennement pour quelques euros
Enquête« Données personnelles, la grande fuite » (3/9). Ces logiciels malveillants, que l’on télécharge sans s’en rendre compte, alimentent un …
🕵️CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS...
📰AI might cut false positives, but it won’t stop the slop
Anthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports. The post AI might cut false positives,
🖥️« Personne n’est épargné » : face à un nombre record de violations de données en 2025, la Cnil va renforcer ses contrôles
L’autorité protectrice de la vie privée des Français déplore une hausse de 50 % des violations de données sur les trois dernières années. Plus de …
🖥️Sept interpellations, 200 kg de drogue saisis, 100 000 euros récupérés : un vaste réseau de narcotrafic démantelé en Côte-d’Or
Laurent Nuñez, le ministre de l’Intérieur, affirme que les criminels écoulaient leur drogue en France, en Australie et à Dubaï via le darknet. Pour …
🖥️Tourisme : les vols de données qui ont frappé Belambra, Pierre & Vacances et Gîtes de France sont-ils liés ?
Après Belambra et une marque du groupe Pierre & Vacances-Centers Parcs, Gîtes de France a annoncé dimanche soir avoir été victime d'une cyberattaque. …
🔥Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is...
🔥GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal...
📰CISA credential leak raises alarms, and Capitol Hill demands answers
A researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed. The post CISA credential leak raises alarms, and Capitol Hill demands answers appeared first...
📰Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide. The post Attackers hit...
🔥Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and...
📰Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines. The post Mini...
📰Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. The post Microsoft disrupts cybercrime...
🔥DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka...
🔥The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The...
🖥️« Infostealers » : comment vos mots de passe sont vendus quotidiennement pour quelques euros
Enquête« Données personnelles, la grande fuite » (3/9). Ces logiciels malveillants, que l’on télécharge sans s’en rendre compte, alimentent un …
🕵️CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS...
📰AI might cut false positives, but it won’t stop the slop
Anthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports. The post AI might cut false positives,
🖥️« Personne n’est épargné » : face à un nombre record de violations de données en 2025, la Cnil va renforcer ses contrôles
L’autorité protectrice de la vie privée des Français déplore une hausse de 50 % des violations de données sur les trois dernières années. Plus de …
🖥️Sept interpellations, 200 kg de drogue saisis, 100 000 euros récupérés : un vaste réseau de narcotrafic démantelé en Côte-d’Or
Laurent Nuñez, le ministre de l’Intérieur, affirme que les criminels écoulaient leur drogue en France, en Australie et à Dubaï via le darknet. Pour …
🖥️Tourisme : les vols de données qui ont frappé Belambra, Pierre & Vacances et Gîtes de France sont-ils liés ?
Après Belambra et une marque du groupe Pierre & Vacances-Centers Parcs, Gîtes de France a annoncé dimanche soir avoir été victime d'une cyberattaque. …