Cybersecurity

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service that weaponized its Artifact Signing system to legitimize ransomware and other malware.The service sold for between $5,000 and...

Microsoft has released a mitigation for a critical BitLocker bypass flaw called "YellowKey" (CVE-2026-45585).The vulnerability allows attackers with physical access to circumvent device encryption...

GitHub is investigating unauthorized access to its internal repositories after a threat actor listed its source code for sale.The attack involved a compromised employee...

Trapdoor campaign funneled malvertising into ad fraud using 455 malicious Android apps and 183 C2 domains.The operation generated 659 million daily bid requests at...

Drupal will release a critical security fix for its CMS on May 20, 2026, warning that exploits could appear "within hours or days."Patches will...

Four malicious npm packages discovered distributing information-stealing malware and a DDoS botnet.One package contains a clone of the open-source Shai-Hulud worm leaked by TeamPCP.Attackers...

A critical heap buffer overflow vulnerability (CVE-2026-42945) in NGINX is being actively exploited in the wild, allowing for denial-of-service or potential remote code execution.Exploitation...

Grafana disclosed a data breach where an unauthorized party accessed its GitHub and downloaded its codebase.The cybercrime group CoinbaseCartel has claimed responsibility for the...