Michele Spagnuolo, 36, a Google security engineer since 2014, is accused of leveraging internal access to Google’s “Year in Search” data to make profitable trades on the Polymarket platform.
Tag: internal
AI, Data Breaches, Endpoint, Exploits, Global Security News, malware
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
TeamPCP now operates across three package ecosystems in parallel, it reached GitHub’s own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. Bottom line up front Three escalations stacked inside a single week. First, GitHub’s CISO Alexis Wales publicly named a malicious Nx Console…
AI, Data Breaches, Endpoint, Exploits, Global Security News, malware
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
TeamPCP now operates across three package ecosystems in parallel, it reached GitHub’s own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. Bottom line up front Three escalations stacked inside a single week. First, GitHub’s CISO Alexis Wales publicly named a malicious Nx Console…
AI, Data Breaches, Global Security News
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. […]
Data Breaches, Global Security News
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its…
AI, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, Risk Management
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…
Data Breaches, Global Security News
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000.
AI, Global Security News
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
AI, Data Breaches, Endpoint, Global Security News, malware
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and…
Data Breaches, Global Security News
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. […]
AI, Data Breaches, Global Security News
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. […]
AI, Global Security News
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’…
Data Breaches, Global Security News
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations.
AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Risk Management
Poisoned truth: The quiet security threat inside enterprise AI
As enterprises rush to deploy internal LLMs, AI copilots, and autonomous agents, most security conversations focus on familiar threats: prompt injection, jailbreaks, model abuse, and data exfiltration. But some security leaders argue a quieter risk deserves far more attention: what happens when the model’s understanding of reality itself becomes corrupted. This problem is broadly described…
AI, Data Breaches, Global Security News, malware
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…
AI, APAC, Global Security News
OpenAI Growth Miss Rattles AI Chip and Cloud Stocks
A report that OpenAI missed internal growth targets was enough to shake confidence up and down the AI supply chain this week, sending chip and cloud stocks lower and raising new questions about how fast the market is actually expanding. Shares of Nvidia fell more than 3%, while AMD dropped even further before recovering slightly…
Global Security News
How Silicon Valley’s Brightest Parents Broke Their Own School
Tech executives built the ‘it’ school for their gifted kids. Lawsuits, internal feuding and a breakaway followed.
AI, Global Security News
Apple’s New Boss
Plus: The staying power of internal combustion, Meta’s huge layoffs, Marc Benioff’s take on AI and software, and more.
AI, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Vercel attack fallout expands to more customers and third-party systems
Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise. The company, which makes tools and hosts cloud infrastructure for developers, maintains a “small number” of accounts were impacted, but it has yet to share a number or range of…
Global Security News
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow MTTR is almost never “not enough analysts.” It is almost always the same structural problem:…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management
Vercel’s security breach started with malware disguised as Roblox cheats
Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. An attacker traversed third-party…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
McGraw-Hill Confirms Data Exposure Tied to Salesforce Issue
McGraw-Hill has confirmed unauthorized access to a limited set of internal data following a reported Salesforce misconfiguration. The disclosure comes after an extortion threat that raised questions about the scale and sensitivity of the incident. “ShinyHunters has no shortage of options for potential follow-up campaigns. They can target instructors with convincingly branded messages, pivot into…
AI, Data Breaches, Europe, Global Security News
Basic-Fit hack exposes data of up to 1 million members
Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes…
AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy
Why is the timeline to quantum-proof everything constantly shrinking?
When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…
AI, Global Security News, Risk Management
Meta’s AI‑agent Data Leak
The recent incident at Meta, where an AI agent exposed sensitive internal data following a routine query, is a timely reminder that AI risk is already operational.
AI, Global Security News
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
AI, Apps, Global Security News
Microsoft adds high-volume email sending to Exchange Online
Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email. Microsoft has addressed that with the general availability of High Volume Email (HVE) in Exchange…
AI, Global Security News
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. “No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by…
AI, Apps, Exploits, Global Security News, malware, Risk Management
New Bitdefender assessment helps organizations identify and eliminate hidden internal attack paths
Bitdefender has announced the Bitdefender Internal Attack Surface Assessment, a complimentary evaluation that helps organizations identify and reduce hidden internal cyber risks caused by unnecessary user access to applications, tools, and operating system utilities commonly exploited in attacks. The assessment provides organizations with a data-driven view of their internal attack surface and offers actionable guidance…
Global Security News
Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. […]
AI, Data Breaches, Exploits, Global Security News, Network Security
FBI probing intrusion into a system managing sensitive surveillance information
The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United…
AI, Global Security News, Network Security
Enigma AI enables internal trust governance to asset-to-asset communications
Enigma Networks has announced the general availability of its Internal Trust Governance platform, Enigma AI, which continuously determines and validates which communications are necessary and safe across enterprise networks. Just as identity and access management (IAM) governs trust for users, Enigma AI governs trust between internal systems and assets, introducing a new control plane for…
AI, Apps, Data Breaches, Global Security News, Network Security, Risk Management
Japan’s Washington Hotel Reports Ransomware Attack
Washington Hotel Corporation has confirmed a ransomware attack that compromised several internal servers, triggering containment measures and an ongoing investigation into potential data exposure. The incident was detected when unauthorized access was identified across multiple systems. “Unauthorized access to various business data stored on our servers has been confirmed. The information leak is currently under…
AI, Apps, Global Security News
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
NIS2: Supply chains as a risk factor
Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’s own system. The reality is quite different. Modern business models are virtually inconceivable without…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
NIS2: Supply chains as a risk factor
Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’s own system. The reality is quite different. Modern business models are virtually inconceivable without…
AI, BreachForums, cyber attack, cyber attacks, Data Breaches, Global Security News, Security
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata.