Threats
GitHub has disabled 73 Microsoft repositories after the Miasma worm infiltrated Azure infrastructure through a compromised contributor account, breaking CI/CD pipelines across the Azure Functions ecosystem and triggering remote code execution on developer machines that opened the infected repos in IDEs and AI coding tools. The attack began on
Breaches
A False Claims Act lawsuit originally filed under seal in 2020 has been unsealed after the federal government declined to join as co-plaintiff, revealing explosive allegations from IBM's former Vice President of Threat Intelligence that both IBM and AT&T systematically concealed nation-state hacking incidents
Breaches
Meta has disclosed that over 20,000 Instagram accounts were hijacked after attackers exploited a vulnerability in the company's AI-powered High Touch Support (HTS) system — an account recovery tool designed to help users regain access after being locked out. The flaw allowed unauthorized password resets without verifying
Threats
The intelligence agencies of all five Five Eyes nations have issued a joint alert warning that Chinese military intelligence officers are conducting coordinated recruitment campaigns on professional networking platforms, targeting government and military personnel with access to classified or privileged information. The alert — co-authored by the FBI, MI5, the
Alerts
Palo Alto Networks Unit 42 has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in the portal and gateway components of PAN-OS that allows unauthorized attackers to circumvent security controls and initiate VPN connections through GlobalProtect. CISA added the flaw to its Known Exploited Vulnerabilities catalog
Breaches
GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source
Threats
A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious
Breaches
Grafana Labs has confirmed a data breach after attackers used a compromised token to access the company's GitHub environment and download its entire codebase. The open source visualization and analytics platform disclosed the incident on Sunday, two days after cybercrime group Coinbase Cartel listed Grafana on its leak
Threats
Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first
Alerts
Chaotic Eclipse has released a third wave of Windows zero-day disclosures, publishing a proof-of-concept for a privilege escalation vulnerability codenamed MiniPlasma that grants SYSTEM privileges on fully patched Windows systems — including those running the latest May 2026 updates. The flaw resides in cldflt.sys, the Windows Cloud
Threats
Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates
Alerts
The anonymous security researcher known as Chaotic Eclipse — responsible for the BlueHammer, RedSun, and UnDefend Microsoft Defender zero-days that ZDW covered last month — has returned with two additional Windows zero-days, escalating an increasingly public confrontation with Microsoft over vulnerability disclosure handling. The first vulnerability, codenamed YellowKey, is a