The Threat Codex

119 Followers
0 Following
1.7K Posts
The Threat Codex is a website that tracks news articles on threat actors, malware families, vulnerabilities, and online services.
Website: https://threatcodex.com/
Europol dismantles First VPN, the go-to VPN service for cybercriminals
#FirstVPN
https://cybernews.com/security/first-vpn-service-taken-down-users-exposed/
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
#CVE_2026_3102
https://securelist.com/exiftool-compromise-mac/119866/

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Kaspersky
Discord: Every Voice and Video Call on Discord Is Now End-to-End Encrypted
#Discord
https://discord.com/blog/every-voice-and-video-call-on-discord-is-now-end-to-end-encrypted
Every Voice and Video Call on Discord Is Now End-to-End Encrypted

As of March 2026, E2EE is now enforced for every voice and video call on Discord. This represents a multi-year commitment, and Discord’s VP of Engineering is here to talk about why it matters.

Webworm: New burrowing techniques

ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal.

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
#CVE_2026_45585
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

Microsoft released mitigations for YellowKey, a publicly disclosed BitLocker bypass tracked as CVE-2026-45585 with a CVSS score of 6.8.

The Hacker News
A Malicious VS Code Extension Just Breached GitHub's Internal Repositories

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit.

Security Affairs
How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected.

Microsoft Security Blog
Microsoft admits faulty drivers were killing Windows 11 battery life for years

Microsoft is changing how Windows evaluates third-party drivers as bad ones were silently draining batteries and tanking performance for years.

PCWorld
Four malicious npm packages were uploaded to npm by the same threat actor, including a non-obfuscated Shai-Hulud clone
#npm
https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here

New alert: 4 malicious npm packages (chalk-tempalte, axois-utils) deploy unmasked Shai-Hulud clones and DDoS botnets.

OX Security
Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.

BleepingComputer