PostgreSQL backup tool gets some backup of its own after sole maintainer sounds alarm
AWS, Percona, Supabase, pgEdge, and Tiger Data rally round pgBackRest with funding pledge
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
London's police asked Big Tech for comms data over 700,000 times last year
A Freedom of Information Act request shows the extent of the surveillance
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-20…
ZTE releases Sustainability Report 2025: driving a new chapter in sustainable development through AI
Through its "All in AI, AI for All" vision, ZTE surpasses climate targets, bridges the global digital divide, and strengthens governance resilience
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. [...]
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [...]
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.
Space factories edge closer after experimental capsule survives hypersonic landing
Varda hails success of autonomous touchdown tech and celebrates heat data haul
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of …
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. [...…
Google Cloud suspended major customer Railway.com without cause, causing outage
This is the service we get when we spend $10m plus? asks automated code deployment outfit
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and i…
What It'll Take to Make AI BOMs Usable in a Modern Security Program
Five ways CISOs can prepare for consuming AI bills of materials and influence the direction of how they're generated.
AI sackings reach New Zealand, which will use it to eject 14 percent of government staff
Minister demands AI becomes ‘basic expectation for all public entities’
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays worsen, and ransomware …
Anthropic’s Stainless steal tightens grip on AI dev tooling
Claude maker nabs SDK and MCP tooling biz, plans to sunset platform
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. [...]
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOM).
Google accused of pushing 'free for life' G Suite users onto paid plans
Users claim personal family domains are being falsely flagged for commercial use, leaving long-time G Suite Legacy customers facing a pay-up-or-lose-access ultimatum
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
'Thousands' of US victims, including 12+ machines owned and operated by Redmond
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon's 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates…
Frustrated franchisee sues Pizza Hut over crappy kitchen AI
The group claims $100M in losses from flubby system
Windows Zero-Day Barrage Continues After Patch Tuesday
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.
Google touts its tokenmaxxing and capex spending amid AI orgy
Chocolate Factory readies always-on agents for searchers
Discord rolls out end-to-end encryption on voice, video calls
Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). [...]
Wireless security is a battle of AI vs. AI
Eighty-five percent of organizations have experienced at least one wireless security incident in the last 12 months, while 58% have suffered financial losses, with half of them tal…
CISA Exposes Secrets, Credentials in 'Private' Repo
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. [...]
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. [...]