By the N2K CyberWire staff
Top stories.
- OpenAI and others deal with fallout from TanStack supply-chain attack.
- Disgruntled researcher discloses two Windows zero-days.
- Microsoft warns of critical zero-day in on-prem Exchange Servers.
- Foxconn confirms disruptive cyberattack as ransomware gang claims responsibility.
- Instructure strikes a deal with ShinyHunters.
- UK proposes updates to cybersecurity laws.
OpenAI and others deal with fallout from TanStack supply-chain attack.
OpenAI has disclosed that two of its employee devices were compromised by a supply-chain attack that hit TanStack npm packages earlier this week, SecurityWeek reports. TanStack, a family of open-source JavaScript libraries widely used in React projects, was Trojanized by the Shai-Hulud worm, which the TeamPCP criminal threat actor has used to launch widespread supply-chain attacks against the npm and PyPI open-source ecosystems. The attack on TanStack then spread to nearly 400 other packages.
OpenAI says it's "found no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered." The company is "taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," and will require all users to update their macOS applications by June 12, 2026.
Two days after the TanStack incident, someone claiming to be affiliated with TeamPCP released the complete source code of the Shai-Hulud worm. Researchers at Datadog say the code appears to be legitimate, noting that the framework is "a modular TypeScript/Bun toolkit for credential harvesting, supply chain poisoning, and encrypted data exfiltration, targeting both CI/CD pipelines and developer workstations."
The code was posted online on Tuesday. It's unclear if the individual who posted the code is actually associated with TeamPCP, and their motivations for posting the code are unknown.
The browser is the new endpoint. Are you securing it?
Today’s work happens in the browser - but that’s also where new risks live. From shadow IT to session-based threats, critical activity often goes unseen.
NordLayer Browser gives IT teams visibility and control inside the browser itself—helping protect company data and enforce security across SaaS apps without disrupting workflows.
If your security stack stops short of the browser, it may be time to take a closer look.
Disgruntled researcher discloses two Windows zero-days.
Just after Microsoft's Patch Tuesday updates this week, an anonymous security researcher known as "Nightmare-Eclipse" released two Windows zero-days, the Register reports. The first vulnerability, dubbed "YellowKey," is a BitLocker bypass that allows an attacker with physical access to obtain root access on a machine. While the need for physical access lessens the scope of the flaw, Rik Ferguson, VP of security intelligence at Forescout, noted, "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification." The flaw can be mitigated with a BitLocker PIN (so the TPM alone no longer unlocks the volume at boot) and a BIOS password lock.
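The BitLocker side of that mitigation, as an added example that is not from The Register's report or the researcher's disclosure: move the OS volume from a TPM-only protector to TPM+PIN, so a stolen laptop cannot unlock the disk without the PIN. It assumes an elevated Windows PowerShell session on a client where BitLocker is already on for C:, and that the machine is domain- or Entra-joined so the recovery password can be escrowed; the registry values mirror the "Require additional authentication at startup" group policy. The BIOS password lock is vendor-specific and is not covered here.

```powershell
# Added example: switch the OS volume from TPM-only to TPM+PIN. Run as Administrator.
# Assumes BitLocker is already enabled on C: and the device is AD- or Entra-joined for escrow.
$MountPoint = 'C:'
$Policy     = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# 1. Policy: require a startup PIN with the TPM and forbid TPM-only unlock.
#    For these values 1 = Required, 0 = Do not allow, 2 = Allow.
New-Item -Path $Policy -Force | Out-Null
Set-ItemProperty -Path $Policy -Name UseAdvancedStartup -Type DWord -Value 1
Set-ItemProperty -Path $Policy -Name UseTPM             -Type DWord -Value 0
Set-ItemProperty -Path $Policy -Name UseTPMPIN          -Type DWord -Value 1
Set-ItemProperty -Path $Policy -Name UseTPMKey          -Type DWord -Value 0
Set-ItemProperty -Path $Policy -Name UseTPMKeyPIN       -Type DWord -Value 0
Set-ItemProperty -Path $Policy -Name MinimumPIN         -Type DWord -Value 8

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker is not protecting $MountPoint; enable it before changing protectors."
}

# 2. Make sure a recovery password exists and is escrowed BEFORE touching the TPM protector;
#    otherwise a mistake below leaves the volume unbootable.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
try {
    # AD DS-joined devices; use BackupToAAD-BitLockerKeyProtector for Entra-joined ones.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $recovery[0].KeyProtectorId
} catch {
    Write-Warning "Recovery password not escrowed: $($_.Exception.Message). Record it manually before continuing."
}

# 3. Only one TPM-based protector is allowed per volume, so remove the TPM-only protector,
#    then add the TPM+PIN protector. The PIN is prompted for, never stored in the script.
foreach ($p in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
}
$pin = Read-Host -Prompt 'Startup PIN (at least 8 characters)' -AsSecureString
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

# 4. Verify: expect a TpmPin and a RecoveryPassword protector, and no plain Tpm protector.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize
```

The order matters: escrow the recovery password first, then swap protectors, then reboot to confirm the PIN prompt appears. Enforcing the same registry values through group policy or MDM keeps a user from later adding a TPM-only protector back.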
The second vulnerability, dubbed "GreenPlasma," is a privilege escalation flaw that can allow attackers to obtain SYSTEM privileges. The researcher published a proof-of-concept exploit without the code needed to reach SYSTEM.
Nightmare-Eclipse is a disgruntled researcher who appears to be running a retaliatory campaign against Microsoft. The individual disclosed three additional Windows zero-days earlier this year.
Microsoft warns of critical zero-day in on-prem Exchange Servers.
Separately, Microsoft on Thursday published an advisory on an unpatched vulnerability (CVE-2026-42897) affecting Outlook Web Access in on-premises Exchange Servers, Infosecurity Magazine reports. Microsoft states, "An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context."
Microsoft is working on a patch and urges users to apply mitigations in the meantime. The recommended mitigation is to enable the Exchange Emergency Mitigation (EM) Service.
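Checking and enabling the Exchange Emergency Mitigation service across an on-premises estate, as an added example that is not from Microsoft's advisory. It is meant to be run from the Exchange Management Shell with Organization Management rights, and assumes the servers can reach officeclient.microsoft.com on TCP 443, which is where the service fetches mitigations; the Windows service name MSExchangeMitigation is the one the EM service runs under.

```powershell
# Added example: make sure the Exchange Emergency Mitigation (EM) service is on and healthy.
# Run from the Exchange Management Shell (Windows PowerShell 5.1) as Organization Management.

# Org-level switch: when this is $false, the per-server setting is ignored.
if (-not (Get-OrganizationConfig).MitigationsEnabled) {
    Set-OrganizationConfig -MitigationsEnabled $true
}

foreach ($srv in (Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' })) {
    # Per-server switch.
    if (-not $srv.MitigationsEnabled) {
        Set-ExchangeServer -Identity $srv.Name -MitigationsEnabled $true
    }

    # The Windows service itself has to be running for mitigations to be applied.
    $svc = Get-Service -ComputerName $srv.Name -Name MSExchangeMitigation -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Warning "$($srv.Name): MSExchangeMitigation service is not running"
    }

    # Outbound connectivity to the mitigation endpoint (assumed host and port, see lead-in).
    $reachable = Invoke-Command -ComputerName $srv.Name -ScriptBlock {
        (Test-NetConnection -ComputerName 'officeclient.microsoft.com' -Port 443 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    if (-not $reachable) {
        Write-Warning "$($srv.Name): cannot reach officeclient.microsoft.com:443; mitigations will not download"
    }
}

# Which mitigations each server has applied, and which an admin has explicitly blocked.
Get-ExchangeServer |
    Format-Table Name, MitigationsEnabled, MitigationsApplied, MitigationsBlocked -AutoSize
```

A mitigation delivered through EM is a stopgap, not a fix: keep the service enabled so Microsoft's interim rules land, and still plan to install the security update once it ships.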
Foxconn confirms disruptive cyberattack as ransomware gang claims responsibility.
Taiwanese electronics manufacturing giant Foxconn has confirmed that a cyberattack disrupted operations at several of its factories in North America, the Record reports. A Foxconn spokesperson stated, "The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production." The spokesperson didn't specify which facilities were impacted. The Record notes that the company has factories in Wisconsin, Ohio, Texas, Virginia, Indiana, and several in Mexico. According to DysruptionHub, employees at one of Foxconn's Wisconsin locations were sent home early last Friday due to network outages.
WIRED says the Nitrogen ransomware gang listed Foxconn as a victim on Monday, claiming to have stolen eight terabytes of data from the company. The crooks say the stolen data contains schematics and project details belonging to Foxconn's customers, including Dell, Google, Apple, and Nvidia.
Iran’s evolving cyber playbook.
Iran’s cyber operations have evolved beyond destructive malware, with actors pivoting to target identity systems. Dave Bittner sat down with Sam Rubin, Senior Vice President at Palo Alto Networks, to discuss how Iranian groups are weaponizing stolen credentials and trusted access to reach high-value targets. Whether it be attacking vulnerable trusted parties or crafting documents loaded with malware, listen to the conversation to learn how Iran’s pivot is impacting the cybersecurity landscape.
Instructure strikes a deal with ShinyHunters.
Utah-based educational technology giant Instructure has provided an update on its response to the ShinyHunters extortion campaign targeting the company, the Register reports. Instructure's CEO, Steve Daly, apologized for the lack of communication from the company, and confirmed that Instructure "reached an agreement" with the threat actor to prevent the publication of stolen customer data. Daly said the company "received digital confirmation of data destruction (shred logs)," adding, "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible."
Instructure, which owns the Canvas learning management software, confirmed a data breach earlier this month after the ShinyHunters extortion gang listed the company on its leak site. Last Thursday, the threat actor defaced around 330 Canvas school login portals, disrupting students' access during finals week to exert additional pressure on the company to pay the ransom. Instructure says this second incident was due to a vulnerability in Free for Teacher, a product that allows teachers to create courses in Canvas.
UK proposes updates to cybersecurity laws.
The British government said it would rework its cybercrime laws to protect security researchers from legal ramifications for legitimate work, the Record reports. The UK cyber industry has long warned that the Computer Misuse Act of 1990 was outdated and created uncertainty surrounding vulnerability research, penetration testing, and threat intelligence activities. Proposed reforms to the act were put forward alongside the King's Speech on Wednesday, though specifics haven't been released.