‼️🚨 Research shows infostealers are the origin of the compromised accounts pushing the malware for the Megalodon 5,000+ repo supply chain attack.

Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.

Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.

The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.

https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/

❗️ OpenAI is shipping a limited-edition collectible pen to its earliest ChatGPT Pro subscribers. Eligible users were notified around two months ago.

Supplies are capped at the first 4,000 who opt in through OpenAI's claim form.

‼️🚨 Researcher "Nightmare-Eclipse" had their GitHub account flagged and wiped after publicly dropping zero-day PoCs targeting Microsoft products.

In a message, they accuse Microsoft of deleting the account they used to report bugs (with zero payout for past disclosures).

The signed message ends with a direct threat: "Mark this date July 14th, I will make sure your bones are shattered that day."

A new GitLab account is already up at gitlab.com/nightmare-ecli…, with the bio "Microsoft's nightmare."

❗️ Pope Leo XIV says AI must be "disarmed" or it will deepen inequality and concentrate power. The warning runs 42,300 words in "Magnifica Humanitas," his first encyclical and the first papal encyclical in history dedicated to artificial intelligence.

Anthropic co-founder Chris Olah was among the presenters at the Vatican Synod Hall release on May 25, alongside Cardinals Víctor Manuel Fernández and Michael Czerny. Leo XIV is the first pontiff to personally present an encyclical.

For those who don’t know: an encyclical is a formal teaching letter from the Pope addressed to bishops, clergy, and the wider Catholic Church, often the entire world. It carries the highest weight of papal doctrine short of an infallible declaration and sets official Church teaching on faith, morals, or social issues.

‼️ Lock ‘em up! Dropshippers are now using Down syndrome and AI-generated content to manipulate buyers into purchasing cheap resin lamps as "handmade" products.

‼️🚨 Over 700 Ghost CMS sites, including Harvard, Oxford, and Auburn, were compromised through an unauthenticated SQL injection (CVE-2026-26980).

Attackers pulled Admin API Keys and turned every site into a ClickFix delivery vector via fake Cloudflare "verify you are human" pages. Patch was out February 19. Most never applied it.

https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/

🚨 A zero-click attack is hijacking WhatsApp accounts on iPhones running iOS 16.

Victims scan no QR code, share no verification code, and see no linked device in the app.

Attackers then message the victim's contacts asking for bank transfers, and the likely chain (CVE-2025-43300 + CVE-2025-55177) is patched in iOS 16.7.12.

https://www.forenser.it/account-whatsapp-compromessi-su-iphone-con-ios-16/