Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-20 03:00 PDT
- How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
Securelist • 2026-05-20 02:02 • securelist.com
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
https://securelist.com/exiftool-compromise-mac/119866/ - FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Graham Cluley • 2026-05-20 01:28 • www.bitdefender.com
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/fbi-shinyhunters-canvas-breach - Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
The Hacker News • 2026-05-20 01:28 • thehackernews.com
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.
“Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,'” the
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html - GitHub confirms breach of 3,800 repos via malicious VSCode extension
BleepingComputer • 2026-05-20 01:14 • www.bleepingcomputer.com
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. […]
https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/ - Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer • 2026-05-20 00:31 • www.bleepingcomputer.com
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/ - Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News • 2026-05-19 22:12 • thehackernews.com
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.
“After the initial assessment, we found that in addition to source
https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html - GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer • 2026-05-19 22:08 • www.bleepingcomputer.com
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. […]
https://www.bleepingcomputer.com/news/security/github-investigates-internal-repositories-breach-claimed-by-teampcp/ - GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
The Hacker News • 2026-05-19 21:01 • thehackernews.com
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,
https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
