Total posts: 15785. Cybersecurity News (auto-updated every day)
-
Discord migrates all users to end-to-end encryption by default
Discord announced that voice and video messages will now be end-to-end encrypted by default, with no opt-in required, across nearly all surfaces except stage channels. The move follows a broader industry split, as some platforms drop encryption while Google and Apple expand it, and Discord highlights its ability to support encrypted…
-
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for CVE-2026-9082, a critical flaw in Drupal Core that can enable SQL injection on PostgreSQL-backed sites and may lead to information disclosure, privilege escalation, or remote code execution. The issue affects only Drupal sites using PostgreSQL and can be exploited by anonymous users, with fixes available…
-
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub confirmed its internal repositories were breached through an employee device compromised by a poisoned Nx Console VS Code extension, linked to the broader TanStack supply chain attack. The short-lived malicious extension was used by TeamPCP to steal credentials from developer systems and access sensitive services, prompting GitHub to rotate secrets…
-
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
Ukrainian authorities say an 18-year-old suspect from Odesa is linked to an international cybercrime operation that compromised nearly 30,000 customer accounts at a U.S.-based online retailer and facilitated unauthorized purchases worth about $721,000. Investigators allege the group used info-stealing malware to harvest credentials and session data, then sold the stolen information…
-
FTC warns 12 major tech firms of violating Take It Down Act
The FTC has warned 12 major tech companies that they are not yet complying with the Take It Down Act, which requires platforms to provide an easy process for victims to request removal of nonconsensual intimate images within 48 hours. The agency said companies like Alphabet, Meta, X, and TikTok must…
-
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Webworm, a China-aligned threat actor active since at least 2022, has expanded its 2025 toolkit with EchoCreep and GraphWorm backdoors that use Discord and Microsoft Graph API for stealthy C2 communications. The group continues targeting government and enterprise victims across Asia and Europe while relying on custom proxies, SoftEther VPN, and…
-
Cybersecurity News | Daily Recap [20 May 2026]
Daily Recap: GitHub confirmed multiple internal repository compromises tied to a malicious VS Code extension, with claims of roughly 3,800–4,000 affected repositories and source code exposure impacting Grafana via a TanStack npm attack. The roundup also covered the Shai-Hulud npm supply-chain campaign targeting 600 packages (with Mini Shai-Hulud expanding further), plus Microsoft's disruption of a malware-signing service linked to Fox Tempest, alongside fixes and advisories across Windows, Azure, Drupal, ChromaDB, Linux, and major fraud cases. #VSCode #Grafana #TanStack #TanStacknpm #ShaiHulud #MiniShaiHulud #FoxTempest #YellowKey #Drupal #ChromaDB #PinTheft #Trapdoor #ShinyHunters #7Eleven #Luxembourg #Huawei #CISA #Discord #DBIR2026
-
Identity Alone Isn’t Enough: Why Device Security Has to Share the Load
Identity-based security is no longer enough because attackers can steal session tokens, bypass MFA, and exploit trusted logins in real time. The article argues that Zero Trust must combine continuous identity verification with device trust to ensure access stays tied to a healthy, approved endpoint. #NISTSP800-207 #SpecopsDeviceTrust #SpecopsSoftware
-
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced SonicWall Gen6 SSL-VPN credentials, bypassed MFA via CVE-2024-12802, and used the access to conduct reconnaissance and prepare ransomware-related tooling. ReliaQuest found the intrusions were likely carried out by an access broker, while SonicWall said Gen6 devices require more than a firmware update to fully fix the issue. #SonicWall #CVE-2024-12802 #ReliaQuest #CobaltStrike #Akira
-
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
Ukrainian cyberpolice, working with U.S. law enforcement, identified an 18-year-old suspect from Odesa in an infostealer operation that targeted users of a California online store. The scheme allegedly stole browser sessions and credentials from 28,000 accounts, leading to unauthorized purchases and substantial losses. #Odesa #California #Infostealer #Telegram
-
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft disrupted Fox Tempest’s malware-signing-as-a-service operation, OpFauxSign, which abused Artifact Signing to distribute trusted-looking malicious code and support ransomware activity worldwide. The scheme enabled signed malware and loaders such as Rhysida, Oyster, Lumma Stealer, and Vidar to evade defenses and target healthcare, education, government, and financial organizations. #FoxTempest #OpFauxSign #ArtifactSigning #Rhysida…
-
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has released two open-source tools, RAMPART and Clarity, to help developers test and shape the security of AI agents earlier in the development process. RAMPART focuses on Pytest-native safety testing and red teaming, while Clarity helps teams clarify design intent, assumptions, and decision-making before code is written. #Microsoft #RAMPART #Clarity…
-
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
Microsoft introduced Rampart and Clarity to help developers build more secure agentic software and to support incident responders during active breaches. Rampart continuously tests code for exploitable bugs and cross-prompt injection risks, while Clarity gives real-time security guidance and design-time risk analysis for AI-driven projects. #Rampart #Clarity #PyRIT #Microsoft
-
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
AI, especially agentic AI, is rapidly reshaping app security by lowering the skill and cost needed for attackers to target more applications, including iOS and Android. Digital.ai’s 2026 report shows attack rates rising sharply across client-facing, automotive, and medical device apps, with the window from app release to first attack now…
-
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
Microsoft has released mitigations for YellowKey, a public zero-day exploit that can bypass BitLocker protection on Windows systems with physical access. The flaw, tracked as CVE-2026-45585, allows an attacker using a USB drive and recovery mode to spawn a shell and access encrypted data. #YellowKey #CVE-2026-45585 #BitLocker #WinRE…
-
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
Quantum Bridge, a Toronto-based company, raised $8 million in Series A funding to advance its quantum-safe key distribution platform, bringing total funding to $16 million. Its SDS product combines DSKE, post-quantum cryptography, and quantum key distribution to protect sectors like government, defense, finance, critical infrastructure, and communications. #QuantumBridge #DSKE #SDS…
-
Grafana breach caused by missed token rotation after TanStack attack
Grafana says its breach stemmed from a single GitHub workflow token that was missed during rotation after the TanStack npm supply-chain attack, allowing attackers to access private repositories and steal source code. The incident was tied to the Shai-Hulud malware campaign attributed to TeamPCP, though Grafana says no customer production systems or data were compromised. #Grafana #TanStack #ShaiHulud #TeamPCP
-
GitHub says internal repositories were impacted in poisoned VS Code extension attack
GitHub said internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, and it has since contained the incident, removed the malicious version, and rotated critical secrets. The case highlights how third-party developer tools can expose source code, credentials, and build systems, with TeamPCP’s claims and the broader wave of attacks on software ecosystems underscoring the risk. #GitHub #VisualStudioCode #TeamPCP
-
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has issued mitigations for YellowKey, a newly disclosed Windows BitLocker zero-day tracked as CVE-2026-45585 that can let attackers access protected drives. The flaw was publicly revealed by Nightmare Eclipse, who also disclosed other zero-days including BlueHammer, RedSun, GreenPlasma, and UnDefend. #YellowKey #CVE-2026-45585 #NightmareEclipse #BlueHammer #RedSun #GreenPlasma #UnDefend
-
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub confirmed that about 3,800 internal repositories were exfiltrated after an employee installed a malicious VS Code extension, and the company removed the trojanized add-on and secured the affected device. TeamPCP claimed responsibility for the access and attempted to sell the stolen GitHub source code and private repositories, but GitHub said there is no evidence customer data outside the affected repos was impacted. #GitHub #VSCode #TeamPCP
Cybersecurity News Sources
This site aggregates cybersecurity news from these sources:
- securityonline.info
- bleepingcomputer.com
- thehackernews.com
- darkreading.com
- + News from Cyware (Curated by Cyware)
- + Latest 100 cyberattacks referenced by Valéry Marchive
- + News from Immuniweb (Cybercrime Investigation and Prosecution)
- + Other hundreds of News Portal

Reference for Security News
Sorted by estimated “Number of Articles” per week. a/w = articles / week.
- malware.news (260 a/w)
- securityboulevard.com (140 a/w)
- ScMagazine.com (70 a/w)
- DarkReading.com (58 a/w)
- BankInfoSecurity.com (48 a/w)
- bleepingcomputer.com (47 a/w)
- CySecurity.news (40 a/w)
- SecurityWeek.com (40 a/w)
- BleepingComputer.com (40 a/w)
- Thecyberexpress.com (34 a/w)
- TheHackerNews.com (32 a/w)
- HelpNetSecurity.com (32 a/w)
- PacketStormSecurity.org (30 a/w)
- SecurityAffairs.com (29 a/w)
- Therecord.media (29 a/w)
- TheRegister.com (28 a/w)
- Infosecurity-Magazine.com (26 a/w)
- Securityonline.info (69 a/w)
- Csoonline.com/asean/security/ (19 a/w)
- Hackread.com (19 a/w)
- MalwareBytes.org (14 a/w)
- Cybersecuritydive.com (12 a/w)
- CyberScoop.com (11 a/w)
- Techrepublic.com/topic/security/ (11 a/w)
- ITSecurityGuru.org (9 a/w)
- Zdnet.com/topic/security/ (8 a/w)
- TripWire.com (6 a/w)
- Arstechnica.com/security/ (5 a/w)
- Latesthackingnews.com (5 a/w)
- Asec.ahnlab.com (4 a/w)
- Blog.polyswarm.io (3 a/w)
- Kroll.com/en/ (3 a/w)
- Mandiant.com (2 a/w)
- Bitdefender.com/blog/labs/ (1 a/w)
Check this also:
Update November 2024
“I have launched several social media platforms for updates on Security News”