GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise - 惯性聚合

推荐订阅源

Threat Intelligence Blog | Flashpoint

Proofpoint News Feed

Lohrmann on Cybersecurity

Secure Thoughts

Attack and Defense Labs

人人都是产品经理

Stack Overflow Blog

博客园 - Franky

Microsoft Azure Blog

Tor Project blog

Microsoft Security Blog

aimingoo的专栏

Security Latest

Hacker News: Front Page

Google Online Security Blog

Privacy & Cybersecurity Law Blog

Cyber Security Advisories - MS-ISAC

Darknet – Hacking Tools, Hacker News & Cyber Security

李成银的技术随笔

Full Disclosure

Fortinet All Blogs

The Exploit Database - CXSecurity.com

WordPress大学

IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog

Visual Studio Blog

Java Code Geeks

博客园 - 三生石上(FineUI控件)

Google Developers Blog

博客园 - 司徒正美

Engineering at Meta

Last Week in AI

Palo Alto Networks Blog

宝玉的分享

True Tiger Recordings

News and Events Feed by Topic

酷壳 – CoolShell

Cisco Talos Blog

News | PayPal Newsroom

SegmentFault 最新的问题

Help Net Security

Authorities dismantle First VPN, used by ransomware actors Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Virtru centers file collaboration around data-level protection ASAPP expands adversarial testing for enterprise AI systems Tenable Hexa AI automates remediation across attack surfaces Riverbed introduces new Aternity tools for autonomous IT operations Forward launches Predict to test network changes before deployment CTERA brings AI insights and automation for unstructured data Terra adds continuous network exploitation validation to its platform Why AI changed the threat model for travel technology Most dark web activity revolves around a handful of topics AI red teaming agents change how LLMs get tested Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin Cyber threats push SMBs to spend more on security Webworm APT targets European government organizations with new backdoors Verizon DBIR: Vulnerability exploitation is the dominant initial access vector NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw FBI: $388 million lost in crypto ATM scams in 2026 ArmorCode gives security teams AI workers for exposure and remediation Novata uses AI to map risk across portfolios and supply chains TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Trust3 AI focuses on AI agent risks with MCP Security layer Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals Darwinium updates mobile SDKs to detect remote access scam activity Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Communicating cyber risk in dollars boards understand CVE Lite CLI: Open-source dependency vulnerability scanner When your AI assistant has the keys to production 7 hard truths security pros should know: 2026 DevOps Threats Report What happens when your identity provider becomes the kill chain PureLogs infostealer is stealing credentials worldwide Selector extends AI-driven observability into multi-cloud environments LaunchDarkly adds real-time controls for AI agents in production Canonical ships Ubuntu Core 26 with 15 years of security maintenance New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain The end of unencrypted Discord calls is here Babel Street targets AI-driven threats with new agentic investigation capabilities iProov brings identity verification to video meetings to reduce fraud risks Egnyte unveils Email Capture and AI features to unify fragmented data Public Instagram posts provide raw material for AI phishing campaigns Earbud sensors can authenticate users by their heartbeat, study finds AI infrastructure is cracking under sovereignty demands Cybersecurity jobs available right now: May 19, 2026 AI is drowning software maintainers in junk security reports Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) SmartBear expands ReadyAPI with AI-powered API testing capabilities Attackers accessed, downloaded code from Grafana Labs’ GitHub 201 arrested in INTERPOL disruption of phishing and fraud networks The AI backdoor your security stack is not built to see Lyrie: Open-source autonomous pentesting agent AI shrinks vulnerability exploitation window to hours Product showcase: McAfee + ChatGPT integration turns doubt into a scam check When ransomware hits, confidence doesn’t restore endpoints Debian 13.5 point release lands with security fixes, bug patches Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited Google lets Workspace admins apply one policy across all SAML apps Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) Akamai to acquire LayerX for $205 million Thieves unlock stolen iPhones using cheap tools sold on Telegram Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Rocky Linux launches opt-in security repository for urgent fixes Keycard helps developers secure autonomous AI agents with scoped access Deepfake detection is losing ground to generative models Zombie linkages are keeping expired domains trusted for years The AI oversight paradox: Is the investment worth the cost of watching it? New infosec products of the week: May 15, 2026 Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) HYCU aiR detects insider risk and AI activity from backups Cofense adds AI-powered campaign detection to stop phishing attacks Microsoft’s WinUI agent plugin trims token use by over 70% during development Microsoft turns Copilot Studio into an AI agent control center AI cyber capability is speeding past earlier projections CERN’s open source KiCad library gives the world 17,000 circuit board components Vector embedding security gap exposes enterprise AI pipelines Closing the AI governance gap in your enterprise Over 70% of organizations hit by identity breaches Machine identities outnumber humans 109 to 1 WhatsApp adds Incognito Chat for private Meta AI conversations Signal responds to phishing attacks with new in-app security warnings Tuskira’s Kairo exposes hidden AI-driven breach paths Apricorn hardens ASK3 encrypted USB drive for extreme conditions KDE gets over €1 million investment to strengthen security and core infrastructure Microsoft’s agentic security system found four critical Windows RCE flaws Versa CSPM brings continuous visibility to cloud risk and compliance exposure NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities Sandyaa: Open-source autonomous security bug hunter The hidden risk of non-human identities in AI adoption Researchers open-source a Wi-Fi cyber range for security training Android pushes new scam, theft, and AI protections in 2026 update wave Fedora Hummingbird brings the container security model to a Linux host OS Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days SAP unveils Autonomous Enterprise for AI-driven business operations Exaforce raises $125 million to respond to AI-powered attacks Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) ThreatDown ITDR prevents credential-based attacks Amazon Quick authorization bypass let users reach blocked AI chat agents Veeam Intelligent ResOps unifies data context and recovery Instructure took a risky approach to recover stolen Canvas data General Motors to pay $12.75 million over driver data sales

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

Zeljka Zorz · 2026-05-21 · via Help Net Security

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。