Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred…
While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment,…
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’…
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs).
Verizon’s “2026 Data Breach Investigations Report” (“DBIR”) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.
The agency’s GitHub repository, publicly available since November 2025, was ironically named “Private-CISA.”
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. “Users