2026

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

2026-05-20 at 15:00

GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have


FBI: $388 million lost in crypto ATM scams in 2026

2026-05-20 at 14:30 By Anamarija Pogorelec

Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds through these machines. Cryptocurrency kiosks, popularly known as Bitcoin ATMs, are physical automated teller


ArmorCode gives security teams AI workers for exposure and remediation

2026-05-20 at 14:30 By Industry News

ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security


Novata uses AI to map risk across portfolios and supply chains

2026-05-20 at 14:21 By Industry News

Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility: Risk Atlas provides a single,


Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

2026-05-20 at 14:21 By Ionut Arghire

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. Originally published on SecurityWeek.


Caught Off Guard: Securing AI After It Hits Production

2026-05-20 at 14:01 By Joshua Goldfarb

As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. Originally published on SecurityWeek.


Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem

2026-05-20 at 14:01

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era


TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

2026-05-20 at 13:47 By Zeljka Zorz

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of


Trust3 AI focuses on AI agent risks with MCP Security layer

2026-05-20 at 13:47 By Industry News

Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and


Real-World ICS Security Tales From the Trenches

2026-05-20 at 13:18 By Eduard Kovacs

SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field. Originally published on SecurityWeek.


FTC urged to investigate Roblox for allegedly exposing kids to sex predators, misleading public about safety

2026-05-20 at 13:04 By Thomas Barrabi

Fairplay and the National Center for Online Sexual Exploitation (NCOSE) allege that Roblox’s voice and text chat features “are a source of substantial harm to children, facilitating predation and abuse by enabling adult


Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals

2026-05-20 at 13:02 By Industry News

Encryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises millions in unplanned


Darwinium updates mobile SDKs to detect remote access scam activity

2026-05-20 at 13:02 By Industry News

Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run


Virtual Event Today: Threat Detection & Incident Response Summit

2026-05-20 at 13:02 By SecurityWeek News

The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM-4PM ET for the Threat Detection & Incident Response Summit. Don’t miss this virtual event as we explore how to cut through alert


GitHub Confirms Hack Impacting 3,800 Internal Repositories

2026-05-20 at 13:02 By Ionut Arghire

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. Originally published on SecurityWeek.


Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

2026-05-20 at 13:02

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.


Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

2026-05-20 at 11:49 By Zeljka Zorz

Microsoft is working on a fix for CVE-2026-45585 (aka “YellowKey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company


Communicating cyber risk in dollars boards understand

2026-05-20 at 09:34 By Mirko Zorz

In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and


CVE Lite CLI: Open-source dependency vulnerability scanner

2026-05-20 at 09:34 By Mirko Zorz

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

