Drupal critical update to fix bug with high exploitation risk
Drupal has announced a “core security release” scheduled for later today, warning that threat actors might develop exploits within hours
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the
Identity Alone Isn’t Enough: Why Device Security Has to Share the Load
Identity has long been the load-bearing wall of cybersecurity. The logic was simple: verify the employee, secure the access. But
GitHub investigates internal repositories breach claimed by TeamPCP
Update May 20, 04:17 EDT: GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The