Security & Lifecycle News

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]

Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution

The new Series A funding round brings the total raised by Quantum Bridge to $16 million.  The post Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution appea…

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for ‘YellowKey’ Bit…

AI reshapes cybersecurity workforce priorities as IT teams brace for new risks

Artificial intelligence is reshaping cybersecurity operations, workforce development, and enterprise risk management, according to separate research reports from Hack The Box and I…

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of re…

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct …

On AI Security

Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because …

Identity Alone Isn't Enough: Why Device Security Has to Share the Load

Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuou…

[An RX Global Event] Infosecurity Europe

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials

1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code…

Those spared latest Meta job cuts forcibly reassigned to AI roles

Staff protest overhaul and mouse tracking at 'Employee Data Extraction Factory'

Anthropic Silently Patches Claude Code Sandbox Bypass

The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypas…

Drupal critical update to fix bug with high exploitation risk

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. [...]

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph…

Datacenter builds could be shielded from judicial review in UK planning reforms

British government wants to ensure no hold-ups for critical energy and infrastructure projects

Microsoft says cu l8r to text message security

Old, busted, insecure authentication to be replaced with something shinier and safer

'Workforce rebalancing' comes for Kyndryl, and delivery teams are in the firing line

Big Blue spinout eyes up to $500M in savings and agentic AI while insiders grumble it's still 'IBM without the hardware'

AMD says its $4K Ryzen AI Halo workstation practically pays for itself

Assuming you’re vibe coding for 8 hours a day, that is

Agent AI is Coming. Are You Ready?

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter…

ESA boss tires of being dragged around by NASA mood swings

Are we pilots or are we passengers? Aschbacher asks

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain…

Caught Off Guard: Securing AI After It Hits Production

As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. The post Caught Off Guard: Securing AI After It Hits Production ap…

Exploit released for new PinTheft Arch Linux root escalation flaw

PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileg…

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actu…

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Initial assessment says customer data spared while users wonder what else may have slipped out

Real-World ICS Security Tales From the Trenches

SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field. The post Real-World ICS Security Tales From the Trenches app…

Virtual Event Today: Threat Detection & Incident Response Summit

Don't miss this virtual event as we explore how to cut through alert fatigue, leverage AI and unified platforms to accelerate investigations, and apply actionable threat intelligen…

Smaller suppliers invited to pitch for £2.9B UK defense tech framework

Government Commercial Agency wants DIPS 2 to reach beyond MoD buyers and the usual big-name suppliers

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositor…