CISA Contractor Leaks GovCloud Keys on GitHub; Microsoft Dismantles 'Fox Tempest' Malware-Signing Service
Summary
This intelligence briefing for May 30, 2026, covers a critical data exposure by a CISA contractor who left sensitive AWS GovCloud credentials on a public GitHub repository for six months. Other major incidents include Microsoft's takedown of the 'Fox Tempest' malware-signing service used by ransomware gangs, a massive supply chain attack named 'Megalodon' compromising over 5,500 GitHub repositories, and active exploitation of a new Palo Alto Networks PAN-OS vulnerability. State-sponsored activities also feature prominently, with Iranian APT 'Screening Serpens' deploying new RATs and Russia escalating cyber espionage efforts.
Today's New Articles
Massive 'Megalodon' Supply Chain Attack Compromises 5,500+ GitHub Repos to Steal Cloud Credentials
A large-scale supply chain attack named 'Megalodon' has compromised over 5,500 GitHub repositories by injecting malicious GitHub Action workflows. The attack, attributed to the threat actor TeamPCP, occurred within a six-hour window and aimed to exfiltrate a w...
SANS Survey: Government Cybersecurity Crippled by Funding Gaps and Staff Shortages
A new survey from the SANS Institute reveals a critical state for government cybersecurity programs, which are significantly underfunded and understaffed. Only one-third of these initiatives are fully funded, with 63% of respondents citing budget limitations a...
FBI Warns 'Silent Ransom Group' (Luna Moth) is Sending Operatives In-Person to Steal Data
The FBI has issued an alert about the 'Silent Ransom Group,' also known as Luna Moth, a data extortion group that is escalating its tactics to include physical, in-person intrusion. The group initially uses social engineering, impersonating IT support to gain...
Actively Exploited PAN-OS Flaw (CVE-2026-0257) Allows VPN Hijack, CISA Adds to KEV
A medium-severity authentication bypass vulnerability, CVE-2026-0257, in Palo Alto Networks' PAN-OS software is being actively exploited in the wild. The flaw, which has a CVSS score of 7.8, affects the GlobalProtect portal and allows an unauthenticated attack...
Microsoft Faces Community Backlash After Threatening Researcher Over Zero-Day Disclosures
Microsoft is facing widespread criticism from the cybersecurity community after its Digital Crimes Unit publicly threatened legal action against a security researcher known as 'Nightmare Eclipse.' The researcher had published proof-of-concept code for six unpa...
Russia Ramps Up Cyber Espionage to Steal Western Tech Amid Sanctions, EU Officials Warn
Senior intelligence officials from three European nations are warning that Russia has significantly intensified its efforts to steal Western technology and defense secrets through cyber espionage. This escalation is seen as a direct response to the economic pr...
PoC Exploit Released for Critical 9.9 CVSS RCE Flaw in Flowise AI Platform
Proof-of-concept exploit code has been released for a critical remote code execution (RCE) vulnerability in Flowise, a popular open-source platform for building AI applications. The vulnerability, CVE-2026-40933, has a CVSS score of 9.9 and is a one-click flaw...
New Executive Order 14390 Shifts US Federal Focus to Combating Cybercrime Against Citizens
The recently signed Executive Order 14390, 'Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens,' marks a significant shift in U.S. federal cybersecurity policy. The order broadens the government's focus from primarily protecting feder...
TCS Launches Sovereign Cloud in EU to Address AI Data Security and Sovereignty Rules
Tata Consultancy Services (TCS) has launched its SovereignSecure Cloud service in the European Union. This new offering is designed to help organizations in the EU adopt AI and other advanced cloud technologies while adhering to strict data sovereignty regulat...
Article Updates
AI Amplifies Supply Chain Threats, Creating New and Complex Cyber Risks
Update: A new Darktrace report details how AI adoption in manufacturing exposes operational technology (OT) environments to significant cyber risks. The report introduces 'agentic AI systems'—highly autonomous AIs—as a critical new threat vector due to their broad per...
CISA Contractor Leaks AWS GovCloud Keys and Internal System Credentials on Public GitHub Repo
Update: Further investigation into the CISA contractor data leak reveals more critical details. The exposed data included administrative credentials for three AWS GovCloud accounts and plaintext passwords for internal CISA systems, specifically found in a file named '...