GitHub Investigates Internal Repositories Breach Claimed by TeamPCP
GitHub confirmed that roughly 3,800 internal repositories were accessed after an employee installed a malicious VS Code extension, in what appears to be a follow-on to the broader wave of developer-tooling supply chain attacks seen this week. The company says it has no evidence that customer repositories, organizations, or enterprises were affected outside GitHub’s own internal environment, but is continuing to monitor for follow-on activity. Developer tooling and extensions remain a direct path into sensitive source code, internal workflows, and cloud-connected build environments — and this incident underscores how a single compromised extension can reach far beyond the individual who installed it.
Microsoft Disrupts Cybercrime Service That Abused Software Verification Systems en Masse
Microsoft’s Digital Crimes Unit disrupted Fox Tempest, a malware-signing-as-a-service operation that created and sold more than 1,000 fraudulent code-signing certificates used by ransomware operators and other cybercriminals to make malware appear legitimate and bypass controls that rely on trusted software signing. The takedown highlights how attackers have industrialized the trust mechanisms underlying software delivery, treating code-signing infrastructure as a commodity service rather than building it themselves. Security teams should treat signed binaries from unfamiliar publishers with the same scrutiny as unsigned ones, particularly in environments where signing alone is used as a trust gate.
Huawei Zero-Day Attack Behind Last Year’s Crash of Luxembourg’s Entire Telecoms Network
A previously unknown Huawei enterprise router vulnerability was responsible for Luxembourg’s nationwide telecom outage in July 2025, which disrupted mobile, landline, and emergency communications for more than three hours, according to new reporting. The flaw has reportedly not received a CVE, public advisory, or warning to other operators running the same equipment — meaning carriers elsewhere may still be exposed without knowing it. Critical infrastructure teams relying on the same Huawei gear have no public guidance to assess their exposure or validate compensating controls, which is itself a significant systemic risk beyond the original incident.
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
Researchers disclosed CVE-2026-45829, an unpatched ChromaDB vulnerability that allows remote, unauthenticated attackers to execute code and take control of the server process by supplying a malicious Hugging Face model identifier that gets loaded and executed before any authentication checks occur. ChromaDB is a widely used open-source vector database at the core of many AI and RAG-based applications, and exposed instances typically have access to API keys, mounted secrets, environment variables, and internal data stores. Until a patch is available, teams should ensure ChromaDB is not internet-facing, restrict access at the network level, and audit what credentials and data the server process can reach.
AI-Related Data Breaches Surging, Verizon Report Says
Verizon’s 2026 Data Breach Investigations Report found that vulnerability exploitation has overtaken stolen credentials as the top breach entry point, with 31% of reviewed breaches starting from exploited software flaws, while attackers are increasingly using AI to accelerate vulnerability discovery, targeting, initial access, and malware development. Shadow AI is also emerging as a significant internal data loss vector, as employees connect sensitive business data to unsanctioned AI tools outside of any governance controls. The report’s practical takeaway is that patch speed, software exposure management, and AI governance can no longer be treated as separate workstreams — attackers are already connecting them.