GitHub breach, SonicWall VPN MFA bypass, Drupal critical flaw demand patching

This briefing reports multiple high-risk cyber incidents: GitHub confirmed unauthorized access and alleged theft of over 3,800 internal repositories; Microsoft disrupted a malware-signing-as-a-service used to distribute ransomware; SonicWall Gen6 SSL‑VPN appliances are being actively exploited to bypass MFA via incomplete patching; Drupal released a critical core security update with imminent exploit risk; and the China-aligned Webworm APT deployed custom backdoors leveraging Discord and Microsoft Graph API. The document urges immediate patching, credential rotation, code-signing audits, and monitoring for related indicators of compromise.