Aggregator
Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware
Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The incident, detected on May 11, 2026, involved unauthorized access to internal repositories and culminated in a ransom demand issued on May 16 under threat of data disclosure. […]
The post Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware appeared first on Cyber Security News.
Akira
Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access
A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates in the Debian-based distribution maintained by TÜBİTAK. Pardus is widely deployed across government institutions, educational […]
The post Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access appeared first on Cyber Security News.
FreePBX Vulnerability Allow Attackers to Gain Access to User Portals
A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due to hard-coded credentials in the userman module. It impacts FreePBX versions before 16.0.45 and 17.0.7. Systems running outdated versions are at risk if administrators […]
The post FreePBX Vulnerability Allow Attackers to Gain Access to User Portals appeared first on Cyber Security News.
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the report’s 19-year history, the company noted. [Figure: Known initial access vectors over time (Source: Verizon 2026 DBIR)] What is Verizon DBIR? Published annually, Verizon’s DBIR is based on the analysis of real-world data …
The post Verizon DBIR: Vulnerability exploitation is the dominant initial access vector appeared first on Help Net Security.
Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image
ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026, CVE-2026-3102 allows threat actors to execute arbitrary shell commands by concealing malicious instructions within an image file’s metadata. By weaponizing […]
The post Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image appeared first on Cyber Security News.
"Signing for viruses as a service": Microsoft takes down the Fox Tempest service that made malware "legitimate"
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Hugging Face CEO Clem Delangue participated. [Photo: NanoCo founders (Photo by Ran Bergman)] From open source traction to enterprise product: NanoClaw launched as an open source project in February 2026. It has since collected nearly 29,000 GitHub stars …
The post NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw appeared first on Help Net Security.
A Blueprint for Scaling AI Without Scaling Risk
Regaining Visibility Into Enterprise AI
Building Resilient AI Environments Across Cloud, Data and M365
Judges Clash Over Pentagon's Anthropic Ban
A majority of judges on a U.S. federal appeals court appeared disposed to allow Defense Secretary Pete Hegseth to bar Anthropic from future military work for posing a national security risk. Oral argument held Tuesday in the U.S. Court of Appeals for the D.C. Circuit was Anthropic's latest salvo.
AI Botnets Drive Surge in Financial Sector DDoS Attacks
Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents.
Android Ad Fraud Operation Generates 659M Bid Requests
Cybercriminals used malicious Android apps to funnel unwitting users to an ad fraud scam that generated up to 659 million daily bid requests, reports Human Security. The scam has spanned 455 malicious Android apps and is linked to 183 threat actor-owned command-and-control domains.