TanStack Weighs Invite-Only PRs After Supply Chain Attack
TanStack considers locking down PRs after Shai-Hulud worm exploited GitHub Actions to poison their shared cache. The nuclear option for open source?
7-Eleven confirms data breach after ShinyHunters claims theft of 600K+ Salesforce records. Franchisee data and corporate info exposed in latest attack.
Critical flaws in n8n workflow automation platform can be chained for full remote code execution. Three CVEs put automation systems at serious risk.
Grafana Labs confirms source code stolen after attackers compromised GitHub environment with stolen access token. Another reminder that token security is critical.
Poland orders officials off Signal, mandates state-built messenger instead. The reason? Social engineering attacks hitting government leadership. Sovereignty or security theater?
New zero-day exploit “YellowKey” bypasses Windows 11 BitLocker encryption. Physical access required but defeats TPM protection completely.
Microsoft brings back resizable taskbar and Start menu to Windows 11. A small UI change that could have big security implications for enterprise environments.
UK forced to buy US glide bombs for F-35s after software delays postpone British SPEAR 3 missile integration. StormBreaker becomes the stopgap solution.
New Windows 0-day MiniPlasma grants attackers SYSTEM privileges on fully patched systems. The flaw targets Cloud Files Mini Filter Driver—no patch available yet.
Canvas breach exposed millions. Prevention failed. Organizations still unprepared for modern SaaS attacks. Defense strategies need a complete rethink.