Megalodon: New CI/CD Malware Spreads Across GitHub, Infecting ~5,000+ Repositories
https://www.ox.security/blog/megalodon-cicd-malware-github/
Read on HackerWorkspace: https://hackerworkspace.com/article/megalodon-new-ci-cd-malware-spreads-across-github-infecting-5000-repositories
Threat hunters find Google API keys still usable 23 minutes after deletion
Read on HackerWorkspace: https://hackerworkspace.com/article/threat-hunters-find-google-api-keys-still-usable-23-minutes-after-deletion
SANS Stormcast Friday, May 22nd, 2026: Selective HTTP Proxying; More GitHub Repo Trouble; MSFT Defender Patches;
https://isc.sans.edu/podcastdetail/9942
Read on HackerWorkspace: https://hackerworkspace.com/article/sans-stormcast-friday-may-22nd-2026-selective-http-proxying-more-github-repo-trouble-msft-defender-patches
YCC情報システム、ランサムウェアの被害 調査完了-外部専門機関が実質的な情報漏えいを裏付ける痕跡は確認されず
https://rocket-boys.co.jp/security-measures-lab/ycc-info-systems-ransomware-probe-completed/
Windows93 / Myspace93 - 46,105 breached accounts - https://www.redpacketsecurity.com/windows93-myspace93-46-105-breached-accounts/
#databreach #HaveIBeenPwnedLatestBreaches #HIBP #OSINT #Security #threatintel #TroyHunt
Dragonica Lunaris - 126,293 breached accounts - https://www.redpacketsecurity.com/dragonica-lunaris-126-293-breached-accounts/
#databreach #HaveIBeenPwnedLatestBreaches #HIBP #OSINT #Security #threatintel #TroyHunt
Getting hacked isn't the problem. How you respond is.
Data breaches are inevitable but your response defines your organization's reputation. In this week's episode of @sharedsecurity we discuss the need to stop judging organizations for being attacked and why we need to start holding them accountable for what comes after.
Watch this episode on YouTube:
https://youtu.be/-pgPoMNAmkw
Listen and subscribe wherever you like to get your podcasts:
https://sharedsecurity.net/subscribe
https://sharedsecurity.net/2026/05/18/cybersecurity-lessons-from-the-canvas-data-breach/
“Based on the results of the data review to date, the following types of data were compromised in the incident: names; medical information (medical record numbers, disability codes, diagnoses, medications, test results, images, treatment plans); health insurance information (plans/policies, insurance companies, member/group ID numbers, Medicaid-Medicare-government payor ID numbers), billing/claims information; biometric information (finerprints & palm prints); personal information (Social Security numbers, driver’s license numbers or other government-issued identification numbers, taxpayer identification numbers or IRS-issued identity protection numbers, precise geolocation data, credit or debit card numbers, financial account information or credentials, online account credentials).”
“Up to 1.8 Million Individuals Affected by NYC Health + Hospitals Data Breach”
https://www.hipaajournal.com/nyc-health-hospitals-data-breach-march-26/
The HIPAA Journal reported on a data breach affecting patients of NYC Health + Hospitals Corporation in late March (see below), after the New York NYC Health + Hospitals Corporation has recently announced a security incident that involved the theft of PII and PHI from its network. Hackers had access to certain systems from November 25, 2025, to February 11, 2026, and stole the data of approximately 1.8 million individuals.
HackerWorkspace
セキュリティ対策Lab
RedPacket Security
CBC North
Tom Eston 
Regina Mühlich ✅, Datenschutz
Dave Rahardja