A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.
Cybernews

Hackers hijack Microsoft packages to steal developer logins

The malware used in the attack was dubbed “Miasma” and is described as a self-replicating worm designed to harvest login ...
Martin Cid Magazine

Chinese hackers spent 18 months inside Microsoft 365 before anyone noticed

A China-linked espionage group lived inside corporate cloud accounts for a year and a half by stealing trust instead of ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions.
SecurityWeek

Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges

Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty in a US court to his role in the Conti ransomware group.
jagranjosh.com

CBSE Class 11 Computer Science Syllabus for Board Exam 2026-27, Download Free PDF Here

Access the official CBSE Class 11 Computer Science (Subject Code 083) syllabus and evaluation blueprint for the 2026-2027 academic year. Review unit-wise marks distributions, complete Python ...
The Hacker News

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

The Gentlemen ransomware claims 478 victims as its AI-assisted RaaS operation adds worm-like spread capability.

Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person

Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...