The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
Checkmarx confirms LAPSUS$ leaked 96GB of stolen GitHub data via Trivy supply-chain hit
Checkmarx has confirmed that data dumped by LAPSUS$ on its extortion portal was pulled from the company's private GitHub repositories, traced back to the March
Data Movement Is the Zero Trust Gap Hiding in Plain Sight
Zero Trust architectures get most of their attention at the identity and network perimeters — verifying users, segmenting workloads, locking down east-west traf
GitHub RCE Flaw CVE-2026-3854 Triggers on a Single Git Push
Researchers have disclosed CVE-2026-3854, a critical remote code execution vulnerability in GitHub that can be triggered by a single git push operation. The fla
GlassWorm Returns: Malicious VS Code Extensions Hit Developer Supply Chain Again
A new wave of GlassWorm-laced extensions has surfaced in the Visual Studio Code marketplace, continuing a campaign that weaponizes the IDE's extension ecosystem
LofyGang returns after 3-year hiatus with Minecraft-targeted LofyStealer
The Brazilian threat group LofyGang, last seen flooding npm with hundreds of malicious packages in 2022, has resurfaced with a new campaign dubbed LofyStealer a
Microsoft to block TLS 1.0/1.1 for Exchange Online POP and IMAP in July
Microsoft will fully deprecate TLS 1.0 and TLS 1.1 for POP3 and IMAP4 connections to Exchange Online starting July 2026. After the cutoff, any client still nego
PhantomRPC: Unpatched Windows RPC Flaw Opens Door to Privilege Escalation
A newly disclosed Windows vulnerability dubbed PhantomRPC lets a low-privileged local attacker climb to elevated rights by abusing weaknesses in the Remote Proc
UNC6692 Chains Social Engineering, Malware, and Cloud Abuse in Layered Attacks
Threat cluster UNC6692 is running a multi-stage operation that fuses human-targeted deception with malware deployment and abuse of legitimate cloud services. Th
Unpatched RCE in Hugging Face LeRobot exposes robotics stack to unauth attackers
A critical vulnerability tracked as CVE-2026-25874 affects Hugging Face's LeRobot, the company's open-source robotics framework. The flaw permits unauthenticate
US charges 19-year-old Scattered Spider suspect arrested at Helsinki airport
A dual US-Estonian citizen using the handle 'Bouquet' faces wire fraud, conspiracy, and computer intrusion charges after Finnish authorities detained him on Apr
VECT 2.0 ransomware nukes files over 131KB across Windows, Linux, and ESXi
A new ransomware strain dubbed VECT 2.0 has surfaced with cross-platform builds targeting Windows, Linux, and VMware ESXi hosts. Unlike conventional ransomware
Vidar Climbs to Top of Fragmented Infostealer Market
Vidar has emerged as the dominant infostealer in a market thrown into disarray after takedowns and infighting hit rivals like Lumma and RedLine. The malware-as-