November 28, 2025

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…

Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

Crims claim to know which customers are marked 'vulnerable' British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.…

GrapheneOS bails on OVHcloud over France’s privacy stance

Project cites fears of state access as cloud sovereignty row deepens French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.…

TryHackMe races to add women to Christmas cyber challenge roster after backlash

Training outfit scrambles to fix all-male lineup before December kickoff Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity.…

OBR drags in cyber bigwig after Budget leak blunder

Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the…

Copyright © 2026 Lugapel