Latest Intelligence
GitHub Hacked – Internal Source Code Repositories Compromised via Employee Device
GitHub has confirmed unauthorized access to its internal repositories after detecting a compromised employee device infected through a malicious Visual Studio C...

PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2005, a critical remote code execution (RCE) vulnerability affecting PostgreSQL’s pgcry...

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform...

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform...

ShinyHunters Claims Credit for Cyber-Attack on Online Learning Management System
A recent cyberattack targeting an online Learning Management System (LMS) has been attributed to the notorious cybercriminal group ShinyHunters. The incident ca...
What It'll Take to Make AI BOMs Usable in a Modern Security Program
Five ways CISOs can prepare for consuming AI Bill of Materials and influence the direction of how they're generated....

GitHub Source Code Breach – TeamPCP Claims Access to Internal Source Code
A notorious threat actor operating under the alias TeamPCP claims to have breached GitHub’s internal systems, allegedly exfiltrating proprietary organizat...

GitHub Source Code Breach – TeamPCP Claims Access to 4,000 Repositories
A notorious threat actor operating under the alias TeamPCP claims to have breached GitHub’s internal systems, allegedly exfiltrating proprietary organizat...
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web b...

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays wor...

Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed serv...
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs)....
UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery
A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malici...
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, while patching lags too ...

macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence
macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a f...

Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-...
Windows Zero-Day Barrage Continues After Patch Tuesday
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks....

Discord rolls out end-to-end encryption on voice, video calls
Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). [...]...

The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Attacks
A ransomware group called The Gentlemen has been quietly building one of the most aggressive cybercriminal operations seen in recent years. Emerging publicly in...
CISA Exposes Secrets, Credentials in 'Private' Repo
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."...