Security I wonder what’s in ‘external-secret-repo-creds.yaml’ and ‘AWS-Workspace-Firefox-Passwords.csv’? The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text

Patches The org’s staying mum on the details, but Wednesday’s fixes reach back to unsupported 8.9 branches If you use Drupal, get ready to patch

The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence

Security While also spoofing all the trusted domains – Apple, Microsoft, and Google – in the same attack A new infostealer variant targets macOS users

Cyber-Crime Plus three other stealers in three other packages, all from the same scumbag A Shai-Hulud copycat has turned up in yet another npm package

Security Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs Another Linux kernel flaw has handed local unprivileged users a way to

Security Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions The TanStack team has documented security

Security Researchers say 18-year-old flaw already being probed and exploited just days after disclosure Exploit attempts are already hammering a newly disclosed NGINX bug dubbed

Security Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government The Polish government is urging public officials and “entities within

Security MoD says StormBreaker will plug gap until homegrown SPEAR 3 integration lands Britain’s F-35 fighter fleet is set to carry US-made glide bombs as

Security Firefox maker says the tools are basic security infrastructure, not teenage contraband Mozilla has warned Britain not to turn VPNs into collateral damage in

Cyber-Crime No customer info stolen, no impact to operations, and no blackmail payment Observability outfit Grafana Labs has revealed that an attacker accessed its GitHub

Security Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’ Linux kernel boss Linus Torvalds has

security Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines OpenAI says attackers behind the

Digital Security Conflict is a boon for opportunistic fraudsters. Look out for their ploys. Phil Muncaster 15 May 2026  •  , 5 min. read It

security Parliamentary committee tells ministers online safety regime is failing children and warns ‘no action is not an option’ British MPs are urging the government

FEATURE When Instructure “reached an agreement” with data theft and extortion crew ShinyHunters this week, the education tech giant assured Canvas users after attackers claimed

Security Owe Martin Andresen faces charges in both US and Germany connected with money laundering, claims he sent gold bars directly to his doorstep A