Daily News
Opening a repository is now an attack surface. Microsoft learned this the hard way.
The Miasma supply chain worm did not wait for developers to run code. It executed the moment they opened a repository in their AI coding assistant. On June 5–6, GitHub disabled 73 repositories across Microsoft’s Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations…
One click. Full access to every private repository your developer can reach.
Researcher Ammar Askar published a working exploit for a VS Code zero-day on June 2 – after going through Microsoft’s disclosure process and losing confidence in the response timeline. He dropped it publicly. Microsoft patched within 24 hours. The target: GitHub’s browser-based editor,…
Your password manager just had encrypted vaults stolen. That’s not a near-miss.
Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…
The security tool your developer just installed may have already stolen your cloud keys.
Red Hat’s official npm namespace was compromised on June 1. Thirty-two packages under @redhat-cloud-services – collectively downloaded ~80,000 times per week – contained a preinstall script that ran before a single line of application code executed. By the time the package…
A ransomware group grew from 35 victims to 182 in a single quarter. They did it by offering affiliates 90% of every ransom paid.
That’s not a cyber story. That’s a business model. The Gentlemen launched in August 2025. By Q1 2026 they were the second most active ransomware group globally, claiming 300+ victims publicly…
