Grafana GitHub Token Breach: Codebase Compromised and Extortion Threat — The Hacker News

Grafana has disclosed a significant security breach where an unauthorized party obtained a GitHub token, enabling them to download the entire codebase. This breach led to an extortion attempt, highlighting the critical nature of securing access tokens. Security teams should immediately review and rotate any exposed tokens and enhance monitoring for suspicious activities. This incident underscores the importance of implementing robust access controls and incident response plans.

Windows 'MiniPlasma' Zero-Day Exploit: SYSTEM Access Vulnerability — BleepingComputer

A new zero-day exploit named 'MiniPlasma' has been disclosed, allowing attackers to gain SYSTEM-level access on Windows systems. The proof-of-concept exploit is public, raising the risk of widespread exploitation. Affected systems include those running unpatched versions of Windows. Security teams should prioritize patch management and deploy mitigations to protect against this privilege escalation vulnerability. Monitoring for unusual system activity is advised until a patch is released.

• Zara data breach exposes 200K customers after alleged ransomware attack - Cybernews [Google News Security]
• Microsoft Exchange Serverのゼロデイ脆弱性 CVE-2026-42897がサイバー攻撃へ悪用 - 合同会社ロケットボーイズ [Google News Security (JP)]
• NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE [The Hacker News]
• 谷歌 Project Zero 披露针对 Pixel 10 设备的零点击漏洞利用链 - 51cto.com [Google News Security (CN)]
• OpenClaw 曝出四大漏洞可导致数据窃取、权限提升与持久化攻击 - 51cto.com [Google News Security (CN)]