Security Daily Digest — 2026-05-20
7-Eleven Data Breach Confirmed, ShinyHunters Involved — BleepingComputer
7-Eleven has confirmed a breach of its systems linked to the ShinyHunters gang. The breach involves sensitive customer data, potentially including payment information. Security teams should monitor for suspicious activity related to 7-Eleven accounts and consider additional security measures to protect against exploitation of the leaked information.
CISA GitHub Repository Exposes Sensitive Credentials — Dark Reading
The Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed sensitive credentials, including SSH keys and plaintext passwords, in a publicly accessible GitHub repository. The exposure highlights the risks of misconfigured repositories and the need for stringent access controls and regular audits of public code repositories to prevent unauthorized access and exploitation.
ChromaDB Max-Severity Flaw Allows Server Hijacking — BleepingComputer
A critical vulnerability (CVE-2026-31635) in ChromaDB's FastAPI version enables unauthenticated attackers to hijack servers. The flaw has a high CVSS score, indicating significant risk. A proof-of-concept exploit has been released, so affected organizations should apply patches and mitigate exploitation risk promptly.
- Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer [The Hacker News]
- Cybercrime service disrupted for abusing Microsoft platform to sign malware [BleepingComputer]
- Microsoft Self-Service Password Reset abused in Azure data theft attacks [BleepingComputer]
- New Shai-Hulud malware wave compromises 600 npm packages [BleepingComputer]
- Grafana Confirms Breach After Hackers Claim They Stole Data - OODAloop [Google News Security]