Real-time threat intelligence on breaches, vulnerabilities, and cyber threats.

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious version

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Grafana Labs has confirmed a data breach after attackers used a compromised token to access the company's GitHub environment and download its entire codebase. The open source visualization and analytics platform disclosed the incident on Sunday, two days after cybercrime group Coinbase Cartel listed Grafana on its leak

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first known version

Chaotic Eclipse Releases MiniPlasma — A Five-Year-Old Windows Zero-Day That Still Grants SYSTEM Privileges on Fully Patched Systems

Chaotic Eclipse has released a third wave of Windows zero-day disclosures, publishing a proof-of-concept for a privilege escalation vulnerability codenamed MiniPlasma that grants SYSTEM privileges on fully patched Windows systems — including those running the latest May 2026 updates. The flaw resides in cldflt.sys, the Windows Cloud Files Mini Filter

FamousSparrow Targets Azerbaijani Oil and Gas Firm in Three-Wave Campaign Using ProxyNotShell, Deed RAT, and Kernel-Level Rootkit

Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates how

Chaotic Eclipse Returns With Two More Windows Zero-Days — BitLocker Bypass YellowKey and CTFMON Privilege Escalation GreenPlasma

The anonymous security researcher known as Chaotic Eclipse — responsible for the BlueHammer, RedSun, and UnDefend Microsoft Defender zero-days that ZDW covered last month — has returned with two additional Windows zero-days, escalating an increasingly public confrontation with Microsoft over vulnerability disclosure handling. The first vulnerability, codenamed YellowKey, is a BitLocker bypass

SAP Patches Critical Code Injection Flaws in S/4HANA and Commerce Cloud

SAP has released 15 security notes as part of its May 2026 Security Patch Day, including fixes for two critical vulnerabilities carrying CVSS scores of 9.6 in S/4HANA and Commerce Cloud. The S/4HANA flaw, tracked as CVE-2026-34260, is an SQL injection caused by missing input validation and

West Pharmaceutical Services Hit by Ransomware, Systems Taken Offline Globally

West Pharmaceutical Services, a Pennsylvania-based pharmaceutical manufacturing giant, has confirmed a ransomware attack that disrupted operations across its global footprint after attackers exfiltrated data and deployed file-encrypting ransomware. The attack occurred on May 4 and prompted the company to proactively shut down and isolate affected on-premise infrastructure. In an SEC

Mini Shai-Hulud Worm Spreads Across npm and PyPI, Hits TanStack, Mistral AI, and More

A threat actor tracked as TeamPCP is behind a widening supply chain attack campaign called Mini Shai-Hulud, which has compromised packages across both the npm and PyPI ecosystems belonging to TanStack, Mistral AI, Guardrails AI, OpenSearch, and UiPath, among others. The compromised packages contain an obfuscated JavaScript file named "

Instructure Pays ShinyHunters to Prevent 3.6TB Canvas Data Leak

Instructure, the company behind Canvas LMS — used by over 30 million educators and students across more than 8,000 institutions worldwide — has confirmed it reached a financial agreement with the ShinyHunters extortion group to prevent the release of stolen data from a recent breach. The company stated that ShinyHunters returned

Microsoft Exposes AiTM Phishing Campaign Targeting 35,000 Users Across 26 Countries With Code of Conduct Lures and Real-Time Token Theft

Microsoft has disclosed a large-scale credential theft campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries over a three-day window between April 14 and 16, 2026. The campaign combined polished enterprise-style lures with adversary-in-the-middle (AiTM) phishing to harvest Microsoft credentials and authentication tokens in