The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
… Copy and Paste: Users routinely copy sensitive data—customer records, credentials, source code—from internal systems and paste it into personal email, SaaS apps, and AI tools. …
Search
GitHub investigates internal repositories breach claimed by TeamPCP
… GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. …
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
… Download Now Related Articles: Ivanti fixes EPMM zero-days chained in code execution attacks CISA flags new SD-WAN flaw as actively exploited in attacks Ransomware gang exploits Cisco flaw in zero-day attacks since January Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin Google… …
TeamPCP hackers advertise Mistral AI code repos for sale
… Earlier today, OpenAI also confirmed that the TanStack supply-chain impacted systems of two of its employees who had access to “a limited subset of internal source code repositories.” A small set of credentials was stolen from the repositories, but the investigation found no evidence that they wer… …
GitHub confirms breach of 3,800 repos via malicious VSCode extension
… Download Now Related Articles: GitHub investigates internal repositories breach claimed by TeamPCP 7-Eleven confirms data breach claimed by the ShinyHunters gang Grafana says stolen GitHub token let hackers steal codebase TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms secu… …
GitHub links repo breach to TanStack npm supply-chain attack
GitHub links repo breach to TanStack npm supply-chain attack By Sergiu Gatlan May 21, 2026 02:54 AM GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack… …
Chinese hackers target telcos with new Linux, Windows malware
… TCP proxying — Uses the victim system as a network relay into internal systems. …
Why the browser is now the front line for AI security
… Sensitive data leaves the organization through clipboard pastes and file uploads to AI tools that security teams didn't approve and can't monitor. AI browser extensions collect browsing context from internal applications, creating a data exfiltration path that operates outside traditional DLP. …
AI-built ransomware toolkit automates EDR evasion, AD discovery
… However, Sophos noticed discrepancies between the test output and the framework’s internal reporting in some instances, although the reasons are unclear. Sophos found no evidence that AI was embedded in deployed malware or operating independently in victim environments. …
Max-severity flaw in ChromaDB for AI apps allows server hijacking
… Two weeks ago, the maintainer released version 1.5.9. However, it remains unclear if the security issue has been fixed. Since February 17, HiddenLayer researchers have attempted to contact the developer multiple times over email and social media, but received no reply. …