Mastodawn

Megalodon: Mass GitHub Repo Backdooring via CI Workflows
#Megalodon
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/

Megalodon: Mass GitHub Repo Backdooring via CI Workflows

Over 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The "megalodon" campaign targeted repos including Tiledesk (9 repos), Black-Iron-Project (8 repos), and hundreds of others. @tiledesk/tiledesk-server versions 2.18.6-2.18.12 on npm carry the backdoor. C2: 216.126.225.129:8443.

SafeDep - Real-time Open Source Software Supply Chain Security

The Threat Codex 2d ago

Europol dismantles First VPN, the go-to VPN service for cybercriminals
#FirstVPN
https://cybernews.com/security/first-vpn-service-taken-down-users-exposed/

The Threat Codex 2d ago

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
#CVE_2026_3102
https://securelist.com/exiftool-compromise-mac/119866/

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Kaspersky

The Threat Codex 2d ago

Discord: Every Voice and Video Call on Discord Is Now End-to-End Encrypted
#Discord
https://discord.com/blog/every-voice-and-video-call-on-discord-is-now-end-to-end-encrypted

Every Voice and Video Call on Discord Is Now End-to-End Encrypted

As of March 2026, E2EE is now enforced for every voice and video call on Discord. This represents a multi-year commitment, and Discord’s VP of Engineering is here to talk about why it matters.

The Threat Codex 2d ago

Webworm: New burrowing techniques
#Webworm #EchoCreep #GraphWorm #ChainWorm #SmuxProxy
https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/

Webworm: New burrowing techniques

ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal.

The Threat Codex 3d ago

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
#CVE_2026_45585
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft released mitigations for YellowKey, a publicly disclosed BitLocker bypass tracked as CVE-2026-45585 with a CVSS score of 6.8.

The Hacker News

The Threat Codex 3d ago

A malicious VS code extension just breached GitHub ‘s internal repositories
#TeamPCP #GitHub
https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html

A Malicious VS Code Extension Just Breached GitHub 's Internal Repositories

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit.

Security Affairs

The Threat Codex 4d ago

How Storm-2949 turned a compromised identity into a cloud-wide breach
#Storm_2949
https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/

How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected.

Microsoft Security Blog

The Threat Codex 4d ago

Microsoft admits faulty drivers were killing Windows 11 battery life for years
#MicrosoftOperatingSystems
https://www.pcworld.com/article/3142511/microsoft-admits-faulty-drivers-were-killing-windows-11-battery-life-for-years.html