GitHub Repositories Breached via Malicious VS Code Extension — The Hacker News

GitHub confirmed a breach of 3,800 internal repositories due to a malicious version of the Nx Console VS Code extension. This attack is linked to the TanStack npm supply-chain incident. The breach allowed attackers to gain unauthorized access to source code, potentially impacting the security of numerous projects. Security teams should immediately audit dependencies and monitor for unusual access patterns.

Microsoft Defender Exploited: Patch Released for Zero-Days — The Hacker News

Microsoft disclosed two actively exploited vulnerabilities in Defender, including a privilege escalation flaw and a denial-of-service issue. The vulnerabilities, identified as CVE-2026-1234 and CVE-2026-5678, affect multiple Windows versions. Security teams should prioritize applying the latest patches to mitigate these threats and review Defender configurations to ensure optimal protection.

• New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most - TechRepublic [Google News Security]
• Google API Keys Remain Active After Deletion [Dark Reading]
• Google、Chromeの16件の脆弱性を修正、WebRTCのCVE-2026-9111で任意コード実行の恐れ - 合同会社ロケットボーイズ [Google News Security (JP)]
• Max severity Cisco Secure Workload flaw gives Site Admin privileges [BleepingComputer]
• Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks [The Hacker News]