Daily News
Your Check Point VPN has a zero-day. Qilin ransomware is already using it.
Your Check Point VPN has a zero-day. Qilin ransomware is already using it. The vulnerability requires no stolen credentials, no phishing, no user interaction. It requires only that your VPN still supports a protocol from 2005. CVE-2026-50751, disclosed on June 8, is an authentication bypass in Check Point Remote Access VPN and Mobile Access. The…
Read MoreOpening a repository is now an attack surface. Microsoft learned this the hard way.
Opening a repository is now an attack surface. Microsoft learned this the hard way. The Miasma supply chain worm did not wait for developers to run code. It executed the moment they opened a repository in their AI coding assistant. On June 5â6, GitHub disabled 73 repositories across Microsoft’s Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations…
Read MoreOne click. Full access to every private repository your developer can reach.
One click. Full access to every private repository your developer can reach. Researcher Ammar Askar published a working exploit for a VS Code zero-day on June 2 â after going through Microsoft’s disclosure process and losing confidence in the response timeline. He dropped it publicly. Microsoft patched within 24 hours. The target: GitHub’s browser-based editor,…
Read MoreYour password manager just had encrypted vaults stolen. That’s not a near-miss.
Your password manager just had encrypted vaults stolen. That’s not a near-miss. Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…
Read MoreThe security tool your developer just installed may have already stolen your cloud keys.
The security tool your developer just installed may have already stolen your cloud keys. Red Hat’s official npm namespace was compromised on June 1. Thirty-two packages under @redhat-cloud-services â collectively downloaded ~80,000 times per week â contained a preinstall script that ran before a single line of application code executed. By the time the package…
Read More
