The Breach News

Project Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

Title: Anthropic’s Project Glasswing: A Game Changer in Vulnerability Discovery Last week, Anthropic unveiled Project Glasswing, an advanced AI model designed for identifying software vulnerabilities with unprecedented effectiveness. In response to its powerful capabilities, the company has made the unusual decision to delay the public release of the model, providing…

Read MoreProject Glasswing Demonstrates AI’s Ability to Identify Bugs—But Who Will Resolve Them?

5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

In a significant incident reported by cybersecurity experts at SafeDep, a large-scale automated attack targeted the GitHub software platform, affecting 5,561 repositories. Dubbed “Megalodon,” this campaign was able to push 5,718 fraudulent code updates within a rapid six-hour timeframe on May 18, 2026. SafeDep identified this threat through its digital…

Read More5,561 GitHub Repositories Compromised in Megalodon Supply Chain Attack Within Six Hours

Exploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement

A severe security vulnerability has emerged in LMDeploy, an open-source toolkit designed for compressing, deploying, and serving large language models (LLMs). This flaw, tracked as CVE-2026-33626 with a CVSS score of 7.5, is a Server-Side Request Forgery (SSRF) vulnerability that has been actively exploited less than 13 hours after its…

Read MoreExploitation of LMDeploy CVE-2026-33626 Vulnerability Occurs Within 13 Hours of Announcement

Hackers Infiltrate Webmin, a Widely Used Utility for Linux/Unix Servers, with Backdoor Access

Critical Backdoor Vulnerability Found in Webmin, Exposing Millions of Users to Risk A significant security breach has emerged in the popular open-source web-based system for Unix management, Webmin, following the disclosure of a critical zero-day vulnerability last week. The maintainers of Webmin have confirmed that the flaw was not a…

Read MoreHackers Infiltrate Webmin, a Widely Used Utility for Linux/Unix Servers, with Backdoor Access

A Hacker Collective is Compromising Open Source Code on an Unprecedented Scale

Cybersecurity Landscape Shaken by Surge in Software Supply Chain Attacks In a chilling development for the cybersecurity landscape, the frequency of software supply chain attacks has escalated dramatically, as evidenced by a recent breach involving GitHub. This incident underscores a troubling trend where malicious actors are increasingly compromising legitimate software…

Read MoreA Hacker Collective is Compromising Open Source Code on an Unprecedented Scale

PhantomCore Exploits TrueConf Vulnerabilities to Compromise Russian Networks

In a significant breach, a pro-Ukrainian hacktivist group known as PhantomCore has been linked to a series of cyberattacks targeting TrueConf video conferencing servers in Russia since September 2025. This revelation stems from a detailed report released by Positive Technologies, highlighting that PhantomCore exploited a chain of three specific vulnerabilities…

Read MorePhantomCore Exploits TrueConf Vulnerabilities to Compromise Russian Networks

Checkmarx Confirms GitHub Repository Data Leaked on Dark Web Following March 23 Attack

Checkmarx, an Israeli security firm, has reported a significant data breach associated with a supply chain vulnerability that exposed sensitive information on the dark web. The investigation traced this unauthorized access back to a cyberattack on March 23, 2026, which compromised the company’s GitHub repository. According to Checkmarx, preliminary findings…

Read MoreCheckmarx Confirms GitHub Repository Data Leaked on Dark Web Following March 23 Attack