GitHub breached and more - May 24, 2026

Weekly Roundup
May 24
Written By RF Wave

Featured

GitHub has confirmed it was the victim of a breach. 3,800 repositories were compromised as part of the breach, and the root cause was a malicious Nx Console VS Code extension compromised in the TanStack npm supply-chain attack.

This Week’s Updates

Breaches

Grafana Labs discloses hackers stole its source code after breaching GitHub with a stolen access token.

7-Eleven confirms a cyberattack by the ShinyHunters extortion group successfully breached its systems.

Vulnerabilities

A max-severity unauthenticated RCE vulnerability in ChromaDB's Python FastAPI version allows attackers to execute arbitrary code on exposed AI application servers.

Cisco releases patches for a max-severity Secure Workload vulnerability that allows unauthenticated remote attackers to gain Site Admin privileges.

Microsoft begins rolling out patches for two actively exploited Microsoft Defender zero-day vulnerabilities.

Ubiquiti releases security updates fixing three max-severity UniFi OS vulnerabilities exploitable by unauthenticated remote attackers.

Trend Micro patches an Apex One zero-day vulnerability that has been actively exploited in attacks targeting Windows systems.

Tags: vulnerability, data breach, GitHub, Grafana, 7-Eleven, Cisco, Microsoft, Trend Micro, Ubiquiti, ChromaDB