The Breach News

New Bluetooth Flaw Allows Attackers to Eavesdrop on Encrypted Connections

Across the globe, over one billion Bluetooth-enabled devices—including smartphones, laptops, smart IoT devices, and industrial equipment—are exposed to a significant vulnerability that could enable attackers to monitor data exchanged between paired devices. This flaw, known by its designation CVE-2019-9506, stems from weaknesses in the encryption key negotiation protocol used by…

Read MoreNew Bluetooth Flaw Allows Attackers to Eavesdrop on Encrypted Connections

Police Proudly Announce Breach of VPN Used by Criminals Who Thought They Were Secure

European law enforcement authorities have reported a significant breakthrough in cybersecurity operations, successfully infiltrating and dismantling a virtual private network (VPN) service known as First VPN, which was allegedly utilized for ransomware attacks and various criminal activities. This decisive action involved the identification of thousands of users linked to the…

Read MorePolice Proudly Announce Breach of VPN Used by Criminals Who Thought They Were Secure

Project Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

Title: Anthropic’s Project Glasswing: A Game Changer in Vulnerability Discovery Last week, Anthropic unveiled Project Glasswing, an advanced AI model designed for identifying software vulnerabilities with unprecedented effectiveness. In response to its powerful capabilities, the company has made the unusual decision to delay the public release of the model, providing…

Read MoreProject Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

In a significant incident reported by cybersecurity experts at SafeDep, a large-scale automated attack targeted the GitHub software platform, affecting 5,561 repositories. Dubbed “Megalodon,” this campaign was able to push 5,718 fraudulent code updates within a rapid six-hour timeframe on May 18, 2026. SafeDep identified this threat through its digital…

Read More5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

Exploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement

A severe security vulnerability has emerged in LMDeploy, an open-source toolkit designed for compressing, deploying, and serving large language models (LLMs). This flaw, tracked as CVE-2026-33626 with a CVSS score of 7.5, is a Server-Side Request Forgery (SSRF) vulnerability that has been actively exploited less than 13 hours after its…

Read MoreExploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement

Hackers Infiltrate Webmin, a Widely Used Utility for Linux/Unix Servers, with Backdoor Access

Critical Backdoor Vulnerability Found in Webmin, Exposing Millions of Users to Risk A significant security breach has emerged in the popular open-source web-based system for Unix management, Webmin, following the disclosure of a critical zero-day vulnerability last week. The maintainers of Webmin have confirmed that the flaw was not a…

Read MoreHackers Infiltrate Webmin, a Widely Used Utility for Linux/Unix Servers, with Backdoor Access

A Hacker Collective is Compromising Open Source Code on an Unprecedented Scale

Cybersecurity Landscape Shaken by Surge in Software Supply Chain Attacks In a chilling development for the cybersecurity landscape, the frequency of software supply chain attacks has escalated dramatically, as evidenced by a recent breach involving GitHub. This incident underscores a troubling trend where malicious actors are increasingly compromising legitimate software…

Read MoreA Hacker Collective is Compromising Open Source Code on an Unprecedented Scale

PhantomCore Exploits TrueConf Vulnerabilities to Compromise Russian Networks

In a significant breach, a pro-Ukrainian hacktivist group known as PhantomCore has been linked to a series of cyberattacks targeting TrueConf video conferencing servers in Russia since September 2025. This revelation stems from a detailed report released by Positive Technologies, highlighting that PhantomCore exploited a chain of three specific vulnerabilities…

Read MorePhantomCore Exploits TrueConf Vulnerabilities to Compromise Russian Networks