The Breach News

Four New ‘Wormable’ Windows Remote Desktop Vulnerabilities Discovered, Similar to BlueKeep

Business owners using supported versions of the Windows operating system are urged to immediately install the latest security updates from Microsoft to mitigate a critical set of vulnerabilities recently identified. These vulnerabilities, four in total, are concerning due to their wormable nature, enabling remote code execution via Remote Desktop Services…

Read MoreFour New ‘Wormable’ Windows Remote Desktop Vulnerabilities Discovered, Similar to BlueKeep

Texas AG Files Lawsuit Against Meta Over WhatsApp’s End-to-End Encryption Claims

The Texas Attorney General has initiated legal action against Meta, asserting that the company’s WhatsApp messaging platform, which boasts over 3 billion users, does not deliver the end-to-end encryption (E2EE) it has consistently advertised. This controversy centers around the definition of E2EE, which is designed to ensure that messages are…

Read MoreTexas AG Files Lawsuit Against Meta Over WhatsApp’s End-to-End Encryption Claims

Vercel Discovers Additional Compromised Accounts from Context.ai-Related Breach

Vercel has disclosed that it recently identified additional customer accounts that were compromised in a significant security incident that resulted in unauthorized access to its internal systems. This revelation follows an extensive investigation which broadened to include various compromise indicators, along with an analysis of network requests and logs detailing…

Read MoreVercel Discovers Additional Compromised Accounts from Context.ai-Related Breach

New Bluetooth Flaw Allows Attackers to Eavesdrop on Encrypted Connections

Across the globe, over one billion Bluetooth-enabled devices—including smartphones, laptops, smart IoT devices, and industrial equipment—are exposed to a significant vulnerability that could enable attackers to monitor data exchanged between paired devices. This flaw, known by its designation CVE-2019-9506, stems from weaknesses in the encryption key negotiation protocol used by…

Read MoreNew Bluetooth Flaw Allows Attackers to Eavesdrop on Encrypted Connections

Police Proudly Announce Breach of VPN Used by Criminals Who Thought They Were Secure

European law enforcement authorities have reported a significant breakthrough in cybersecurity operations, successfully infiltrating and dismantling a virtual private network (VPN) service known as First VPN, which was allegedly utilized for ransomware attacks and various criminal activities. This decisive action involved the identification of thousands of users linked to the…

Read MorePolice Proudly Announce Breach of VPN Used by Criminals Who Thought They Were Secure

Project Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

Title: Anthropic’s Project Glasswing: A Game Changer in Vulnerability Discovery Last week, Anthropic unveiled Project Glasswing, an advanced AI model designed for identifying software vulnerabilities with unprecedented effectiveness. In response to its powerful capabilities, the company has made the unusual decision to delay the public release of the model, providing…

Read MoreProject Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

In a significant incident reported by cybersecurity experts at SafeDep, a large-scale automated attack targeted the GitHub software platform, affecting 5,561 repositories. Dubbed “Megalodon,” this campaign was able to push 5,718 fraudulent code updates within a rapid six-hour timeframe on May 18, 2026. SafeDep identified this threat through its digital…

Read More5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

Exploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement

A severe security vulnerability has emerged in LMDeploy, an open-source toolkit designed for compressing, deploying, and serving large language models (LLMs). This flaw, tracked as CVE-2026-33626 with a CVSS score of 7.5, is a Server-Side Request Forgery (SSRF) vulnerability that has been actively exploited less than 13 hours after its…

Read MoreExploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement