Aggregator

A malicious VS code extension just breached GitHub ‘s internal repositories

The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast

阅读： 22026年世界电信和信息社会日期间，《通信产业报》正式发布《韧性的力量：517世界电信日产业图谱报告》与《517电信日编辑选择：

ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal

Verizon DBIR finds 31% of data breaches began with software flaws last year

GitHub 通过 X 平台官方账号证实黑客窃取了其内部代码库，它正对此展开调查。此前黑客组织 TeamPCP 通过 Breached 论坛声称获得了 GitHub 内部源代码和内部组织的

GitHub 通过 X 平台官方账号证实黑客窃取了其内部代码库，它正对此展开调查。此前黑客组织 TeamPCP 通过 Breached 论坛声称获得了 GitHub 内部源代码和内部组织的访问权限，窃取了大约 3800 个代码库，它对想要访问源代码的人开出了 5 万美元的报价。TeamPCP 坚称这不是勒索，只要有人开出不低于 5 万美元的报价，它们会在收钱之后销毁数据，如果没有买家则将会免费公开。GitHub 称它的调查显示一名员工的计算机被入侵，其源头是安装的恶意 VS Code 扩展，他们移除了扩展隔离了设备，正继续进行调查。GitHub 表示目前没有证据表明客户数据受到影响。

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation. CVE-2026-45585 and the YellowKey exploit CVE-2026-45585 is a security feature bypass vulnerability that can only be exploited if the attacker has physical access … More →

The post Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) appeared first on Help Net Security.

Что расследование рассказало о кибератаке на Huawei.

New StorybyTiger Data (creators of TimescaleDB)byTiger Data (creators of TimescaleDB)@tigerdataTige

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" the

Vulnerability / EncryptionMicrosoft on Tuesday released a mitigation for a BitLocker bypass vulner

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. [...]

Trivy, Checkmarx, OpenAI и теперь GitHub. Цепочка громких атак TeamPCP пополнилась крупнейшим именем.

The npm ecosystem has been subjected to a massive, highly coordinated supply-chain assault. Within a compressed one-hour envelope,

The post Shai-Hulud Malware Hits @antv Ecosystem, Poisoning Hundreds of npm Packages appeared first on Information Security News.

The Linux ecosystem has been destabilized by successive operational waves for several weeks; scarcely had the industry turbulence

The post Bypassing the Guardrails: New “DirtyDecrypt” Linux Flaw Overwrites Root Files in Memory appeared first on Information Security News.