Blog
GitHub ‘Verified’ Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid...
The Verification Step Is the New ATO Battleground in 2026
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is...
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek...
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat...
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every...
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0)...
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking logins, and capture the one-time codes that protect their accounts....
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users...
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft...
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials...
FREE GUIDE