SecOps News

  • HackerOne takes an axe to its bug bounty rewards (4 minutes ago)
  • Google accidentally exposed details of unfixed Chromium flaw (1 hour ago)
  • Defenders fall behind, as AI rewrites the rules of a data breach (2 hours ago)
  • Deus ex machina: Half of US Christians trust AI’s spiritual advice (2 hours ago)
  • Apple blocked over $11 billion in App Store fraud in 6 years (4 hours ago)
  • Passkeys, Permissions Policy and Bug Hunting in 1Password’s WebAuthn Wrapper (4 hours ago)
  • Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor (5 hours ago)
  • Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet (5 hours ago)
  • Chinese hackers target telcos with new Linux, Windows malware (5 hours ago)
  • Max severity Cisco Secure Workload flaw gives Site Admin privileges (5 hours ago)
  • Police seize “First VPN” service used in ransomware, data theft attacks (6 hours ago)
  • Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach (7 hours ago)
  • Cisco Patches Critical Vulnerability in Secure Workload (7 hours ago)
  • ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories (7 hours ago)
  • Ocean Emerges From Stealth With $28M for Agentic Email Security Platform (7 hours ago)
  • Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw (8 hours ago)
  • Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention (8 hours ago)
  • Flipper One project needs community help to build open Linux platform (8 hours ago)
  • Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking (8 hours ago)
  • Microsoft Warns of Two Actively Exploited Defender Vulnerabilities (8 hours ago)
  • Socket Raises $60 Million at $1 Billion Valuation (8 hours ago)
  • When Identity is the Attack Path (9 hours ago)
  • Microsoft storms RAMPART, adds Clarity to agentic AI safety (9 hours ago)
  • Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days (9 hours ago)
  • Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI (9 hours ago)
  • Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility (11 hours ago)
  • Microsoft warns of new Defender zero-days exploited in attacks (11 hours ago)
  • 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (11 hours ago)
  • Zombie user account let hackers control the city’s water (12 hours ago)
  • GitHub links repo breach to TanStack npm supply-chain attack (12 hours ago)
  • Dragonica Lunaris - 126,293 breached accounts (14 hours ago)
  • GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension (15 hours ago)
  • Windows93 / Myspace93 - 46,105 breached accounts (15 hours ago)
  • Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks (15 hours ago)
  • Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers (20 hours ago)
  • Ukraine identifies infostealer operator tied to 28,000 stolen accounts (21 hours ago)
  • Hackers bypass SonicWall VPN MFA due to incomplete patching (22 hours ago)
  • Even Claude agrees: hole in its sandbox was real and dangerous (22 hours ago)
  • Incident with Actions (23 hours ago)
  • Fedora: Microsoft is all aboard, but Deepin is dumped (1 day ago)
  • Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development (1 day ago)
  • Bye-bye, Gemini CLI; Google’s gone and swapped you for a closed-source AI (1 day ago)
  • Grafana breach caused by missed token rotation after TanStack attack (1 day ago)
  • Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution (1 day ago)
  • Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass (1 day ago)
  • Your ‘Meet the Team’ Page: The Security Risks of Corporate Visibility (1 day ago)
  • Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks (1 day ago)
  • 101 Ways to Engage Your Colleagues in Data Protection (1 day ago)
  • Identity Alone Isn’t Enough: Why Device Security Has to Share the Load (1 day ago)
  • Drupal critical update to fix bug with high exploitation risk (1 day ago)
  • Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API (1 day ago)
  • Open-Sourcing passkeys-php: A Security-Focused WebAuthn Library for PHP (1 day ago)
  • Agent AI is Coming. Are You Ready? (1 day ago)
  • GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos (1 day ago)
  • Exploit released for new PinTheft Arch Linux root escalation flaw (1 day ago)
  • Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem (1 day ago)
  • GitHub says internal repos exfiltrated after poisoned VS Code extension attack (1 day ago)
  • London’s police asked Big Tech for comms data over 700,000 times last year (1 day ago)
  • FBI warns students and staff that ShinyHunters may come knocking after Canvas breach (1 day ago)
  • Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit (1 day ago)
  • Grafana GitHub Breach Exposes Source Code via TanStack npm Attack (1 day ago)
  • Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware (1 day ago)
  • Frustrated franchisee sues Pizza Hut over crappy kitchen AI (1 day ago)
  • Firefox 151 helps you edit PDFs – and switch OSes (2 days ago)
  • America’s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames (2 days ago)
  • Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps (2 days ago)
  • Clear your calendar, Drupal user: You have a critically urgent patch to install (2 days ago)
  • DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability (2 days ago)
  • XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None (2 days ago)
  • The New Phishing Click: How OAuth Consent Bypasses MFA (2 days ago)
  • Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare (2 days ago)
  • SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access (2 days ago)
  • Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer (2 days ago)
  • Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials (2 days ago)
  • Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account (2 days ago)
  • CTT - 468,124 breached accounts (2 days ago)
  • Do fear the Reaper - stealer swipes macOS users’ passwords, wallets, then backdoors them (2 days ago)
  • Shai-Hulud copycat worm infects yet another npm package (2 days ago)
  • Addi - 34,532,941 breached accounts (2 days ago)
  • CISA Admin Leaked AWS GovCloud Keys on Github (2 days ago)
  • INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests (3 days ago)
  • Linux kernel flaw opens root-only files to unprivileged users (3 days ago)
  • TanStack weighs invitation-only pull requests after supply chain attack (3 days ago)
  • ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (3 days ago)
  • NGINX Rift attackers waste no time targeting exposed servers (3 days ago)
  • Poland directs officials to ditch Signal in favor of ‘secure’ state-developed alternative (3 days ago)
  • F-35 software delays leave UK buying time with US glide bombs (3 days ago)
  • Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess (3 days ago)
  • Passkeys 101: An Introduction to Passkeys and How They Work (3 days ago)
  • PolarProxy 2.0 Released (3 days ago)
  • Grafana Labs admits all its codebase are belong to someone who popped its GitHub account (3 days ago)
  • Weekly Update 504 (3 days ago)
  • Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (3 days ago)
  • APPLE-SA-05-13-2026-1 Safari 26.5 (3 days ago)
  • APPLE-SA-05-11-2026-11 visionOS 26.5 (3 days ago)
  • APPLE-SA-05-11-2026-10 watchOS 26.5 (3 days ago)
  • APPLE-SA-05-11-2026-9 tvOS 26.5 (3 days ago)
  • APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7 (3 days ago)
  • APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7 (3 days ago)
  • APPLE-SA-05-11-2026-6 macOS Tahoe 26.5 (3 days ago)
  • APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8 (3 days ago)
  • APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16 (3 days ago)
  • APPLE-SA-05-11-2026-3 iPadOS 17.7.11 (3 days ago)
  • APPLE-SA-05-11-2026-2 iOS 18.7.9 and iPadOS 18.7.9 (3 days ago)
  • APPLE-SA-05-11-2026-1 iOS 26.5 and iPadOS 26.5 (3 days ago)
  • Full disclosure: Impersonation attacks on Edupage portal (3 days ago)
  • Full disclosure: Edupage web and mobile application authorization bypass leaks PII and IBAN codes (3 days ago)
  • Dovecot Security Advisory OXDC-2026-0002 (3 days ago)
  • Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive (6 days ago)
  • OpenAI caught in TanStack npm supply chain chaos after employee devices compromised (6 days ago)
  • Actions is experiencing degraded availability (6 days ago)
  • MPs want social media treated more like unsafe toys than harmless apps (6 days ago)
  • [Retroactive] Incident with GitHub.com (6 days ago)
  • Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data (6 days ago)
  • Sick and wrong: Ontario auditors find doctors’ AI note takers routinely blow basic facts (6 days ago)
  • Suspected Dream Market kingpin arrested after gold bars sent to his home address (6 days ago)
  • ROCs and SAQs: Which PCI DSS Compliance Validation Route Applies to Your Business? (7 days ago)
  • Cops arrest man suspected of being Dream Market kingpin (7 days ago)
  • When ransomware gets physical: cybercriminals turn to threats of violence (7 days ago)
  • Welcoming the Bahamian Government to Have I Been Pwned (7 days ago)
  • Abrigo - 711,099 breached accounts (7 days ago)
  • Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities (7 days ago)
  • Google’s AI-enabled mouse pointer understands ‘this’ and ‘that’ (7 days ago)
  • Anthropic butts in to small business, promises help with payroll and other core tasks (7 days ago)
  • Incident with CodeQL (8 days ago)
  • South Staffordshire Water Fined Nearly £1 Million for Data Breach (8 days ago)
  • dBase debased: Database titan fades to black after 47 years (8 days ago)
  • Canada Life - 237,810 breached accounts (8 days ago)
  • Patch Tuesday, May 2026 Edition (8 days ago)
  • Incident with CodeQL, Webhooks, Notifications, and Slack Integration (9 days ago)
  • EU browser choice rules send millions more users Firefox’s way (9 days ago)
  • GDPR FAQ (9 days ago)
  • Cushman & Wakefield - 310,431 breached accounts (9 days ago)
  • Welcoming the Bangladesh Government to Have I Been Pwned (9 days ago)
  • Rodent-obsessed developer creates Ratty to bring 3D graphics to the command line (9 days ago)
  • Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator (10 days ago)
  • ISO 42001 and AI Governance FAQ (10 days ago)
  • PCI DSS FAQ (10 days ago)
  • Incident with high errors on Git Operations (10 days ago)
  • SOC 2 FAQ (10 days ago)
  • ISO 27001 FAQ (10 days ago)
  • Under Attack: Responding to the Rise of Info-Stealer Threats (10 days ago)
  • Data Retention for Regulated Industries: Why it Requires More Than a Blanket Approach (10 days ago)
  • Classic Outlook’s Quick Steps trip over Microsoft bug (10 days ago)
  • Welcoming the Costa Rican Government to Have I Been Pwned (10 days ago)
  • Weekly Update 503 (10 days ago)
  • macOS 27 threatens to bury Time Capsule, FOSS brings a shovel (12 days ago)
  • One in eight UK workers has sold their company passwords, and bosses think it’s fine (13 days ago)
  • Inside Department 4: Russia’s secret school for hackers (13 days ago)
  • Remcos Alerts from FlowCarp in EveBox (13 days ago)
  • Sri Lanka makes 37 arrests as it raids another scam centre (13 days ago)
  • Zara - 197,376 breached accounts (13 days ago)
  • Canvas Breach Disrupts Schools & Colleges Nationwide (13 days ago)
  • NHS code clampdown draws open source backlash (14 days ago)
  • CCR and CCA failing to start for PR comments (14 days ago)
  • Woflow - 447,593 breached accounts (14 days ago)
  • Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired (14 days ago)
  • Incident with Pull Requests (15 days ago)
  • Disruption with some GitHub services (15 days ago)
  • Firefox integrates an ad-blocker, but not to block ads (15 days ago)
  • LegionProxy - 10,144 breached accounts (15 days ago)
  • Incident with Actions, we are investigating reports of degraded availability (15 days ago)
  • Weekly Update 502 (15 days ago)
  • OpenAI exec says company hopes to burn $50B of somebody else’s money on compute this year (15 days ago)
  • Astera speaks softly and carries a big switch (15 days ago)
  • Anthropic wants Claude to play with money, unleashes finance agents (15 days ago)
  • Increased Latency and Failures for SSH Git Operations (16 days ago)
  • IBM asks DBAs to trust AI to act on their behalf (16 days ago)
  • Incident with Actions (16 days ago)
  • ServiceNow clears agents for landing with new AI control tower (16 days ago)
  • Bun posts Rust porting guide, says rewrite is still half-baked (16 days ago)
  • SAP dives deeper into Iceberg with Dremio acquisition (16 days ago)
  • Brit mathematician lets AI agent loose with credit card – cue password leaks, CAPTCHA chaos and more (16 days ago)
  • Vimeo - 119,167 breached accounts (16 days ago)
  • Incident with Issues and Webhooks (17 days ago)
  • FlowCarp Identifies Protocols (17 days ago)
  • Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition (17 days ago)
  • Reborn Gaming - 126 breached accounts (17 days ago)
  • Marcus & Millichap - 1,837,078 breached accounts (17 days ago)
  • ZenBusiness - 5,118,184 breached accounts (19 days ago)
  • Incomplete pull request results in repositories (20 days ago)
  • Aman - 215,563 breached accounts (20 days ago)
  • Anti-DDoS Firm Heaped Attacks on Brazilian ISPs (21 days ago)
  • Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats (21 days ago)
  • Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions (21 days ago)
  • Alleged Silk Typhoon hacker extradited to the United States to face charges (22 days ago)
  • Disruption with some GitHub services (23 days ago)
  • French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches (23 days ago)
  • Weekly Update 501 (23 days ago)
  • Pitney Bowes - 8,243,989 breached accounts (23 days ago)
  • GitHub search is degraded (23 days ago)
  • Disruption with some GitHub services (24 days ago)
  • ADT - 5,488,888 breached accounts (24 days ago)
  • Udemy - 1,401,259 breached accounts (24 days ago)
  • Delays with Actions Jobs for Larger Runners using VNet Injection in the East US region (26 days ago)
  • Carnival - 7,531,359 breached accounts (27 days ago)
  • Incident with Pull Requests (27 days ago)
  • Disruption with users unable to start Claude and Codex agent task from the web (27 days ago)
  • Incident with multiple GitHub services (28 days ago)
  • Investigating errors on GitHub (28 days ago)
  • Disruption with some GitHub services (28 days ago)
  • Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not (28 days ago)
  • Disruption with Copilot chat and Copilot Coding Agent (29 days ago)
  • Security considerations when using Passkeys on your website (29 days ago)
  • Disruption with projects service (29 days ago)
  • Weekly Update 500 (29 days ago)