The Breach News

GitHub Internal Repositories Compromised by Malicious Nx Console VS Code Extension

GitHub has confirmed a significant breach of its internal repositories, attributed to a compromised employee device that was infected with a malicious version of the Nx Console, a Microsoft Visual Studio Code extension. This incident underscores the vulnerabilities present in commonly used development tools, raising concerns among software developers and…

Read MoreGitHub Internal Repositories Compromised by Malicious Nx Console VS Code Extension

New Exploit Unveiled for MikroTik Router WinBox Vulnerability Granting Complete Root Access

Critical Vulnerability Discovered in MikroTik Routers: Security Risks on the Rise Recent developments in cybersecurity have uncovered a significant vulnerability in MikroTik routers that poses an alarming threat to users and businesses alike. Initially identified and patched shortly after its discovery in April 2023, this flaw, designated as CVE-2018-14847, has…

Read MoreNew Exploit Unveiled for MikroTik Router WinBox Vulnerability Granting Complete Root Access

DragonForce Ransomware Exploits Microsoft Teams to Conceal Malicious Activity

Cybercriminals associated with the DragonForce ransomware group have recently infiltrated a U.S.-based service firm, employing Microsoft Teams’ relay infrastructure to mask their malicious activities effectively. Research conducted by teams from Broadcom’s Symantec and Carbon Black has revealed that the attackers leveraged a newly discovered, specially crafted backdoor to disguise their…

Read MoreDragonForce Ransomware Exploits Microsoft Teams to Conceal Malicious Activity

Severe Gogs RCE Vulnerability Allows Any Authenticated User to Execute Arbitrary Code

A significant security vulnerability has emerged in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code under specific conditions. This flaw, rated 9.4 on the CVSS scale, has not yet been assigned a Common Vulnerabilities and Exposures (CVE) identifier, raising concerns about its oversight in the…

Read MoreSevere Gogs RCE Vulnerability Allows Any Authenticated User to Execute Arbitrary Code

Unstoppable: The Rise of Risky AI Models

Emerging AI Cybersecurity Models Raise Concerns Among Experts The cybersecurity landscape is rapidly shifting as organizations like Anthropic unveil advanced AI models designed to enhance security measures. Tarah Wheeler, chief security officer of TPO Group, cautions against the assumption that Anthropic’s innovations are unique. She suggests other companies may already…

Read MoreUnstoppable: The Rise of Risky AI Models

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Compromise Universities

In a significant cybersecurity breach, the ShinyHunters group has exploited a previously unaddressed vulnerability in Oracle PeopleSoft to infiltrate enterprise systems. Their campaign has primarily targeted universities, leveraging the exploit to extract sensitive data while demanding ransom payments for its confidentiality. The operation was observed between May 27 and June…

Read MoreShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Compromise Universities

LibSSH Vulnerability Enables Hackers to Seize Control of Servers Without a Password

A critical vulnerability has emerged in the Secure Shell (SSH) library, Libssh, potentially allowing unauthorized access to vulnerable servers for the past four years. This issue, referred to as CVE-2018-10933, enables attackers to bypass authentication methods entirely, granting them administrative control without requiring a password. This authentication bypass vulnerability was…

Read MoreLibSSH Vulnerability Enables Hackers to Seize Control of Servers Without a Password

UK to Use Face Scans on Asylum Seekers for Age Verification, Acknowledging Tech Limitations

The Home Office has stated that its implementation of face scanning technology is intended to serve as an “additional” resource for border personnel, emphasizing that it will not “supersede or undermine human judgment.” However, the department has not clarified how this technology will be applied in practical situations. According to…

Read MoreUK to Use Face Scans on Asylum Seekers for Age Verification, Acknowledging Tech Limitations