Grafana GitHub Token Breach Leads To Extortion Attempt
Grafana confirms unauthorized GitHub token breach — attackers downloaded codebase and attempted extortion. No customer data compromised.
Apple M5 chip exploited for first time: researchers achieve kernel memory corruption on macOS 26.4.1 in just 5 days, bypassing hardware-level protections.
DEVCORE dominates Pwn2Own Berlin 2026, claiming Master of Pwn title. 47 zero-days discovered, $1.3M paid out in three intense days of hacking competition.
Microsoft accused of secretly patching Azure vulnerability after rejecting researcher’s report—no CVE issued. Company denies changes despite documented fix.
CISA has added CVE-2026-42897, an actively exploited Microsoft Exchange Server XSS vulnerability, to its Known Exploited Vulnerabilities catalog. Federal agencies have until May 29, 2026 to remediate the flaw, which enables spoofing attacks via Outlook Web Access.
Russian APT Turla transforms Kazuar malware into stealthy P2P botnet for long-term network persistence. Nation-state threat actors evolving tactics.
ALERT: Hackers exploit Funnel Builder flaw to inject skimmers into WooCommerce checkouts, stealing payment data. 600K+ sites at risk. Patch NOW. Severity: High. Target: WooCommerce sites.
OPENAI EMPLOYEE DEVICES COMPROMISED: Malware in poisoned TanStack npm packages hit OpenAI staff machines. Internal credentials stolen in supply chain attack. Severity: High. Target: OpenAI employees.
OpenAI employee devices compromised through poisoned npm packages. Limited credentials stolen in TanStack supply chain attack. Even tech giants aren’t immune.
OPENAI EMPLOYEE DEVICES COMPROMISED IN ATTACK: Malware-laden npm packages infected two OpenAI staff machines, stealing internal credentials. Supply chain attacks continue to threaten even the most security-conscious organizations. Audit all npm dependencies and rotate credentials immediately. Severity: High. Target: JavaScript developers and enterprises.