Cybersecurity
When the internet’s plumbing catches fire
Charter Communications Confirms 40 Million Customer Records Stolen After ShinyHunters Called an Employee and Asked Nicely — The Entire Zero-Trust Architecture Was Defeated by a Phone Call on April Fools’ Day
🤚 The Open-Palm Breach Notification Charter Communications, the telecommunications conglomerate that serves roughly 30 million customers under the Spectrum brand, has confirmed that ShinyHunters —…
Read moreMicrosoft Copilot Cowork Can Be Tricked Into Stealing Your Files With Five Lines of Code — The AI Assistant Has Been Promoted to Insider Threat
🤚 The Open-Palm Disclosure Security researchers at PromptArmor have published findings that should make every enterprise IT department quietly close their laptop and stare out…
Read moreGhost CMS SQL Injection Compromises 700 Websites Including Harvard and Oxford — The Patch Was Available for 95 Days but the Attackers Read the Changelog First
🤚 The Open-Palm Injection A critical SQL injection vulnerability in Ghost CMS — tracked as CVE-2026-26980 — is being actively exploited in a large-scale campaign…
Read moreUnderminr DNS Vulnerability Puts 88 Million Domains at Risk — Your Network Trust Model Just Found Out It Was a Suggestion
🤚 The Open-Palm Disclosure A vulnerability called “Underminr” has just put approximately 88 million domains on notice, and the attack vector is so elegant it…
Read moreNetherlands Seizes 800 Servers From a Russian Bulletproof Host Called ‘Stark Industries’ That Rebranded as ‘WorkTitans’ — The Corporate Shell Game Has Better Uptime Than Your Actual Infrastructure
🤚 The Open-Palm Raid Report Dutch financial crime investigators — the FIOD — have seized 800 servers and arrested two men in a sweeping operation…
Read moreMicrosoft Defender Has Two Zero-Days Being Actively Exploited — The Software Guarding Your Computer Needed Guarding From Itself
🤚 The Open-Palm Patch Notes On Wednesday, Microsoft began rolling out emergency security patches for two zero-day vulnerabilities in Microsoft Defender — the software that…
Read moreGoogle Accidentally Reveals Its Own Unfixed Chromium Zero-Day — Your Browser Closes, the JavaScript Doesn’t, and the Bug Report Leaked Itself
🤚 The Open-Palm Disclosure In a move that absolutely no one at Google’s security team would describe as “optimal,” Google accidentally revealed the full details…
Read moreGitHub Confirms 3,800 Internal Repos Were Stolen via a Poisoned VS Code Extension — The Platform That Hosts the World’s Code Just Got Owned by a Marketplace Plugin
🤚 The Open-Palm Incident Report On May 19, 2026, a single GitHub employee installed a Visual Studio Code extension. By the time the company detected…
Read moreGrafana’s Entire Source Code Was Stolen via a Single GitHub Token — Your CI/CD Pipeline Has More Access Than Your CEO and Less Security Than Your Wi-Fi
🤚 The Open-Palm Disclosure Grafana Labs — the company whose dashboards are plastered across every DevOps team’s second monitor like motivational posters made of metrics…
Read moreMicrosoft ‘Fixed’ a Windows Zero-Day in 2020 — A Researcher Just Proved It Still Works in 2026, and Published the Exploit on GitHub as a Resignation Letter to the Bug Bounty Program
🤚 The Open-Palm Patch That Wasn’t In September 2020, a Google Project Zero researcher named James Forshaw discovered a privilege escalation vulnerability in the Windows…
Read more