Grafana Says Missed Token Let Attackers Copy Private Repos
Grafana says attackers copied two private GitHub repositories after one workflow token was missed during post-TanStack credential rotation.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 4, 2026
Trend Micro patched an Apex One on-prem directory traversal flaw after observing exploitation attempts. CISA added CVE-2026-34926 to KEV.
Microsoft says two Defender flaws have been exploited. CISA added both to KEV, making Defender engine and platform update checks urgent.
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check affected branches, fixed versions, production database driver, logs, and post-patch review steps.
SonicWall CVE-2024-12802 can leave SSL-VPN MFA bypassable when firmware is patched but LDAP/AD settings are not completed. Check UPN/SAM login paths and VPN authentication…
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments that can execute a malicious model before access checks run.
GitHub says an employee device was compromised through a poisoned VS Code extension, exposing internal repositories and putting developer workstation trust under scrutiny.
Microsoft says Storm-2949 abused Self-Service Password Reset and MFA social engineering to reach Microsoft 365 and Azure data. Check SSPR scope, MFA changes, Graph…
Microsoft says Fox Tempest operated a malware-signing service. Learn why signed malware can still be unsafe, what users should check, and how defenders should…