Secure.com News

Stay updated with the latest cybersecurity news, threat intelligence, and industry updates from secure.com.

New Payload Ransomware Uses Military-Grade Encryption to Lock Windows Files

Dateline: May 26, 2026 Quick Verdict A sophisticated ransomware operation called Payload has been quietly building a global victim list since February 2026, using advanced encryption methods typically reserved for government communications. The cybercrime group combines ChaCha20 symmetric encryption with Curve25519 elliptic curve cryptography to lock Windows files in what security researchers call an unusually...

By Secure.com

GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks

GitHub has rolled out staged publishing for npm to combat npm supply chain attacks targeting the JavaScript ecosystem.

Secure.com May 25, 2026

Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours

The Megalodon malware attack compromised over 5,500 GitHub repositories within six hours, marking the largest automated supply chain breach in platform history.

Asad Tariq (Founding Member at Secure.com | Security Leader) May 22, 2026

Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised in 22 Minutes

A single compromised npm maintainer account pushed 637 malicious package versions in 22 minutes, forcing npm to invalidate write-access tokens platform-wide. The Mini Shai-Hulud worm keeps...

Asad Tariq (Founding Member at Secure.com | Security Leader) May 22, 2026

New NGINX Zero-Day RCE Vulnerability Threatens Millions of Web Servers

Security researchers discovered a critical nginx zero day vulnerability that grants attackers remote code execution access to millions of servers.

Secure.com May 21, 2026

GitHub Loses 3,800 Internal Repos to a Single Poisoned VS Code Extension

A poisoned plugin slipped past one of the most security-conscious companies on the internet, and the GitHub VS Code extension breach now puts every developer endpoint...

Secure.com May 21, 2026

Hackers Abuse Microsoft Entra ID Accounts to Steal Corporate Cloud Data

The Storm-2949 threat group executed a complex Microsoft Entra ID attack to steal sensitive data from corporate cloud environments.

Secure.com May 19, 2026

Mini Shai-Hulud Strikes Again: 314 @antv npm Packages Hijacked in 22-Minute Burst

A fresh npm supply chain attack tied to the Mini Shai-Hulud worm has poisoned hundreds of @antv packages, putting developer credentials at risk.

Secure.com May 19, 2026

Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922

Microsoft has officially confirmed that its May 2026 Patch Tuesday update for Windows 11 is failing with error code 0x800f0922.

Secure.com May 18, 2026

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets

Security researchers discovered four malicious npm packages designed to steal SSH keys, cloud credentials, and cryptocurrency wallets from developers.

Secure.com May 18, 2026

Grafana Tells Extortionists to Get Lost After GitHub Token Breach Exposes Codebase

The Grafana GitHub token breach saw attackers steal a privileged token, exfiltrate the codebase, and try to extort the company. Grafana said no.

Secure.com May 18, 2026

OpenAI Confirms Breach After TanStack npm Supply Chain Attack Hit Two Employee Devices

The TanStack npm supply chain attack reached OpenAI's internal repositories. Here is the full picture of what actually happened.

Secure.com May 15, 2026

NGINX Was Hiding a Critical Bug for 18 Years. An AI Just Found It.

A newly disclosed NGINX vulnerability lay dormant in the codebase for 18 years before an AI system pulled it into daylight.

Asad Tariq (Founding Member at Secure.com | Security Leader) May 14, 2026

Page 1 of 5

Secure.com News

New Payload Ransomware Uses Military-Grade Encryption to Lock Windows Files

Browse by Category

GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks

Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours

Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised in 22 Minutes

New NGINX Zero-Day RCE Vulnerability Threatens Millions of Web Servers

GitHub Loses 3,800 Internal Repos to a Single Poisoned VS Code Extension

Hackers Abuse Microsoft Entra ID Accounts to Steal Corporate Cloud Data

Mini Shai-Hulud Strikes Again: 314 @antv npm Packages Hijacked in 22-Minute Burst

Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets

Grafana Tells Extortionists to Get Lost After GitHub Token Breach Exposes Codebase

OpenAI Confirms Breach After TanStack npm Supply Chain Attack Hit Two Employee Devices

NGINX Was Hiding a Critical Bug for 18 Years. An AI Just Found It.