1010.cx

  • ‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

    CI/CD, Cordyceps, cybersecurity, GitHub, Novee, Security, Supply Chain, vulnerability
    Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.

  • The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism

    AI, Artificial Intelligence, Fraud, Plagiarism, Scams and Fraud, Technology
    AI has changed academic fraud. It now creates original-looking work, fake sources, and hidden misconduct that schools must learn to detect.

  • Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

    Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and did nothing else. The point was to show

  • Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

    President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track. The deadlines matter because of a threat that does not

  • GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

    GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit risky use of the “pull_request_target” workflow trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the

  • Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations

    cyber security, Cyber Security News, vulnerability

    A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication […]

    The post Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens

    cyber security, Cyber Security News, Data Breach

    A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred after attackers compromised OAuth tokens associated with enterprise integrations. This incident, disclosed by LastPass, underscores the ongoing risks related to SaaS integrations and token-based authentication in today’s enterprise environments. LastPass Customer Data Exposed […]

    The post LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation

    cyber security, Cyber Security News

    The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero day vulnerabilities, and urged organizations to act immediately. In a statement released on June 22, 2026, senior leaders from agencies across the United States, United Kingdom, Canada, Australia, and New Zealand […]

    The post Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT

    cyber security, Cyber Security News

    A sophisticated campaign by the actor tracked as “Dropping Elephant” that uses a China-themed decoy document and a heavily reworked, in-memory remote access trojan (RAT). The intrusion chain combines classic living-off-the-land techniques with modern in-memory execution: an LNK shortcut spawns an obfuscated PowerShell downloader, which stages artifacts in C:\Users\Public, then leverages DLL side‑loading. A legitimate […]

    The post Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps

    AI, cyber security, Cyber Security News

    A series of critical vulnerabilities in the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication. They expose cross-tenant data leakage risks, allowing attackers to access private AI conversations, preview sensitive […]

    The post DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
