1. ShinyHunters Leaks Data on 42 Million Charter Communications Customers The ShinyHunters extortion group published a trove allegedly stolen from Charter Communications, the telecom giant behind the Spectrum brand, after the company let a May 27 ransom deadline pass. The attackers say they gained entry through a voice-phishing (vishing) call that compromised an employee’s Microsoft […]
A Virtual Security Chief (vCISO) You Can Actually Afford
What is a virtual vCISO is, and why it may be the smartest line item a small organization adds this year A few months ago, I sat across the table in the break room from the owner of a family-run manufacturing shop in central Kentucky. He had forty employees, a payroll system, a customer database, […]
MFA Prompt Bombing: What It Is, Why It Works, and How to Stop It
MFA prompt bombing is a growing threat, but multifactor authentication remains one of your best defenses. Here is what changed and what to do about it. In September 2022, a contractor working for Uber got a notification on his phone. Then another. Then another. Forty push notifications in thirty minutes, each one asking him to […]
Cyber Security Weekly Top 5: Week of May 18–24, 2026
1. Megalodon Supply Chain Attack Poisons 5,500+ GitHub Repositories in Six Hours On May 18, an automated campaign dubbed “Megalodon” pushed 5,718 malicious commits to 5,561 GitHub repositories in a single six-hour window — one of the most aggressive open-source supply chain attacks ever recorded. Using throwaway accounts with forged identities (build-bot, auto-ci, ci-bot, pipeline-bot), […]
Cyber Security Weekly Top 5: Week of May 11-17, 2026
1. Google Thwarts First AI-Driven Zero-Day Exploit Attempt Google’s Threat Intelligence Group revealed it disrupted a hacker operation that used artificial intelligence to discover and weaponize a zero-day vulnerability in a widely used open-source web administration tool. The attackers leveraged an AI model to bypass two-factor authentication and were planning what Google described as a […]