GitHub Breach: 4K Repositories Compromised via Token Mismanagement — Dark Reading

GitHub confirmed a data breach involving the theft of 4,000 internal repositories due to a compromised employee device and a missed GitHub workflow token rotation. The breach was linked to a malicious Visual Studio Code extension. Security teams should immediately review access controls and token management practices to prevent similar incidents. The incident underscores the critical need for robust token rotation policies and employee device security measures.

Mitigation Released for YellowKey Windows BitLocker Bypass Vulnerability — The Hacker News

Microsoft has released mitigations for CVE-2026-45585, a zero-day vulnerability known as YellowKey, which allows attackers to bypass BitLocker encryption on Windows systems. The vulnerability affects systems using specific BitLocker configurations, potentially exposing sensitive data. Security teams should apply the mitigations immediately and review their BitLocker settings to ensure they are not susceptible to this exploit.

SonicWall VPN MFA Bypassed Due to Incomplete Patching — BleepingComputer

Threat actors have exploited incomplete patches to bypass multi-factor authentication (MFA) on SonicWall VPNs by brute-forcing VPN credentials. This vulnerability highlights the importance of thorough patch management and the need for additional security measures beyond MFA. Security teams using SonicWall VPNs should ensure all patches are fully applied and consider implementing additional layers of security such as network segmentation and anomaly detection.

• Grafana GitHub Breach Exposes Source Code via TanStack npm Attack [The Hacker News]
• GitHub confirms breach of 3,800 repos via malicious VSCode extension [BleepingComputer]
• GitHub Confirms Hack Impacting 3,800 Internal Repositories - SecurityWeek [Google News Security]
• Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development [The Hacker News]