🚨 CISA KEV 3
14 May [KEV] Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation (TENABLE.COM)
A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways: CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux …

14 May [KEV] U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog (SECURITYAFFAIRS.COM)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 …

14 May [KEV] Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) (TENABLE.COM)
Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways: CVE-2…
🐛 COMMON VULNERABILITIES AND EXPOSURES 23
14 May New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption (THEHACKERNEWS.COM)
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the…

14 May 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE (THEHACKERNEWS.COM)
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite…

14 May [KEV] Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker (GBHACKERS.COM)
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed “KeyHunter.” The vulnerability, now listed in CISA’s Known Exploit…

14 May MongoDB Security Flaw Enables Arbitrary Code Execution on Vulnerable Systems (GBHACKERS.COM)
The foundation of countless modern applications is under an emerging threat. A severe vulnerability in MongoDB could allow attackers to execute unauthorised code on targeted database servers undetected. Tracked officially as CVE-2026-8053, this critical flaw serves as a potential…

14 May Critical Exim Mailer Flaw Enables Remote Code Execution Attacks (GBHACKERS.COM)
A newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code execution, threatening core email infrastructure across Linux and Unix-like systems. Tracked as CVE-2026-45185 and nickname…

14 May PraisonAI vulnerability gets scanned within 4 hours of disclosure (CSOONLINE.COM)
A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory drop…

14 May PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure (THEHACKERNEWS.COM)
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case o…

14 May Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution (GBHACKERS.COM)
Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user interaction. Tracked as CVE-2026-41096, the vulnerability has been rated critical with a CVSS base score of 9.8. It is patched in Micro…

14 May CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE (SOCRADAR.IO)
CVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authenticat…

14 May Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites (GBHACKERS.COM)
A critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the security community. Security researchers at Wordfence, using their AI-driven PRISM platform, have uncovered a severe authent…

14 May NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light (SECURITYAFFAIRS.COM)
Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance you do, this week brought news worth stopping for. Security researchers at depthfirst …

14 May Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) (HELPNETSECURITY.COM)
Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affe…

14 May CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability (MSRC.MICROSOFT.COM)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

14 May CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability (MSRC.MICROSOFT.COM)
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

14 May Broadcom releases VMware Fusion security update for root access bug (SECURITYAFFAIRS.COM)
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to…

14 May CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) (RAPID7.COM)
Overview: While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. T…

14 May [KEV] The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers (RAPID7.COM)
Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody d…

14 May Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities (TALOSINTELLIGENCE.COM)
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.

14 May [KEV] Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access (THEHACKERNEWS.COM)
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authen…

14 May Linux Kernel bug Fragnesia allows local root access attacks (SECURITYAFFAIRS.COM)
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The …

14 May [KEV] CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS (RAPID7.COM)
Overview: On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a re…

14 May Meet Fragnesia, the third Linux kernel vulnerability in a month (CSOONLINE.COM)
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing…

14 May AI agent finds 18-year-old remote code execution flaw in Nginx (CSOONLINE.COM)
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE…
⚠️ VULNERABILITY DISCLOSURE 34
14 May Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents (GBHACKERS.COM)
A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason K…

14 May GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS (GBHACKERS.COM)
GitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab …

14 May Hackers Hijack HWMonitor to Sideload Malicious DLL (GBHACKERS.COM)
Hackers are once again exploiting user trust in legitimate software, this time abusing the popular CPUID HWMonitor utility to deliver a stealthy remote access trojan. The malicious archive mimics a legitimate installer, highlighting how trusted tools remain a powerful lure for in…

14 May PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution (GBHACKERS.COM)
A critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security researchers at depthfirst have publicly released a proof-of-concept (PoC) exploit demonstrating unauthenticated remote code e…

14 May Packagist Warns: Update Composer Now After GitHub Actions Token Leak (GBHACKERS.COM)
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist to issue an urgent warning to PHP developers worldwide. The issue stems from a mismatch between Gi…

14 May New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks (GBHACKERS.COM)
A critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on the internet’s front lines, these message transfer agents are highly lucrative targets for ruthless threat act…

14 May Gentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial Access (GBHACKERS.COM)
The Gentlemen ransomware-as-a-service (RaaS) operation is turning exposed Fortinet and Cisco edge devices into a fast lane into enterprise networks and doing it at scale. What began as a rising RaaS brand in mid‑2025 has, by early 2026, evolved into one of the most active program…

14 May Abrigo - 711,099 breached accounts (HAVEIBEENPWNED.COM)
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belong…

14 May What CISOs need to land a board role (CSOONLINE.COM)
Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be vie…

14 May Deepfake sextortion forces schools to remove student photos from websites (MALWAREBYTES.COM)
Experts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK schools.

14 May My relationship status is “compromised.” (THECYBERWIRE.COM)
This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …

14 May CERN’s open source KiCad library gives the world 17,000 circuit board components (HELPNETSECURITY.COM)
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic sy…

14 May Over 70% of organizations hit by identity breaches (HELPNETSECURITY.COM)
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach…

14 May Machine identities outnumber humans 109 to 1 (HELPNETSECURITY.COM)
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human i…

14 May Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation (THEHACKERNEWS.COM)
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been…

14 May Microsoft turns Copilot Studio into an AI agent control center (HELPNETSECURITY.COM)
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. C…

14 May New Malware Framework Enables Screen Control and UAC Bypass (GBHACKERS.COM)
A sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are increasingly adapting open-source tools for real-world intrusions. The attack chain revealed a carefully staged operation de…

14 May Canon MailSuite Security Flaw Allows Attackers to Execute Code Remotely (GBHACKERS.COM)
Canon has disclosed a critical security vulnerability in its GUARDIANWALL MailSuite product that could allow attackers to execute arbitrary code remotely, raising serious concerns for organizations relying on the platform for email security. The issue, officially announced on May…

14 May How AI Hallucinations Are Creating Real Security Risks (THEHACKERNEWS.COM)
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates t…

14 May Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network (GBHACKERS.COM)
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access across the network. The activ…

14 May TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest (GBHACKERS.COM)
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers to compromise open-source packages. The initiative, first highlighted by Dark Web Informer, signals an escala…

14 May FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses (CSOONLINE.COM)
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for tradition…

14 May Frontier AI models reap rapid discovery of security vulnerabilities (CYBERSECURITYDIVE.COM)
Security teams have just a few months before AI-driven exploitation becomes the norm, researchers warn.

14 May ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories (THEHACKERNEWS.COM)
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should hav…

14 May The time of much patching is coming (TALOSINTELLIGENCE.COM)
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.

14 May ODNI taps officials to coordinate response to foreign election threats (THERECORD.MEDIA)
Director of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter.

14 May Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center (AWS.AMAZON.COM)
AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, customers can replicate their IAM Identity Center instance acro…

14 May The era of AI-powered attacks is here. (THECYBERWIRE.COM)
Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSpar…

14 May Google announces hackers are using AI to create zero days. (THECYBERWIRE.COM)
Canvas pays hackers.

14 May OpenAI asks macOS users to update after TanStack npm supply chain attack (THERECORD.MEDIA)
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.

14 May [KEV] Maximum Severity Cisco SD-WAN Bug Exploited in the Wild (DARKREADING.COM)
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

14 May You're not going to patch your way out of this - PSW #926 (YOUTUBE.COM)
This week: - New Yellowkey bitlocker bypass and what it means for you - Hackers can run you over with a robot lawnmower - FCC says new things about routers, again - Glitching with AI - almost no false positives - AI thought it was evil - DirtyFrag and the sad state of Linux LPEs …

14 May Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets (TENABLE.COM)
Tenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways: As AI accelerates cloud growth, zombie cloud assets multiply in your environment. You need agentic AI to prevent a cloud zombie apocalypse. Clou…

14 May AI Just Hacked Hardware (YOUTUBE.COM)
An AI agent was used to autonomously execute a voltage fault injection attack against an ESP32 Secure Boot V1 system. It was given direct access to hardware interfaces and handled major parts of the attack chain, including tool configuration, exploit script generation, and firmwa…
📢 SECURITY ADVISORIES 4
14 May The Human Side of Threat Intelligence (THECYBERWIRE.COM)
Ingrid Parker, Director of Intel Response at Unit 42, has a background that doesn't fit the mold: art student, Army linguist, systems administrator deployed to Afghanistan, co-author of 11 Strategies of a World-Class Cybersecurity Operations Center. In this conversation, she and …

14 May Sony's failed attempt to stop piracy. (THECYBERWIRE.COM)
This week, Dave and Ben sit down to discuss how Sony's failed lawsuit could have major impacts on other copyright lawsuits alongside how the EU's AI approach might be grounded in nuclear deterrence strategies. Additionally, our team sits down with Dr. Liz James, a managing securi…

14 May HYCU aiR detects insider risk and AI activity from backups (HELPNETSECURITY.COM)
HYCU has announced HYCU aiR (AI Resilience), an AI-native solution that turns backup data across dozens of applications into a live and actionable intelligence for security, compliance, and IT teams. aiR lets organizations search, query, and run purpose-built agents to surface in…

14 May Pentagon cyber official calls advanced AI ‘revolutionary warfare’ (CYBERSCOOP.COM)
Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense.
🔥 INCIDENT REPORTING 15
14 May Welcoming the Bahamian Government to Have I Been Pwned (TROYHUNT.COM)
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Inci…

14 May When ransomware gets physical: cybercriminals turn to threats of violence (BITDEFENDER.COM)
Pay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.

14 May FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign (SECURITYAFFAIRS.COM)
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and g…

14 May Nitrogen Ransomware claims massive data theft from Foxconn (SECURITYAFFAIRS.COM)
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by …

14 May BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified (SOCRADAR.IO)
Underground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, public challenges, shared tools, reputation building, and even prize-based compet…

14 May Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry (GBHACKERS.COM)
A new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detecti…

14 May LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises (ANY.RUN)
Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especia…

14 May Foxconn Attack Highlights Manufacturing's Cyber Crisis (DARKREADING.COM)
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.

14 May Top 5 Surface Web Hacker Forums in 2026 (SOCRADAR.IO)
Top 5 Hacker Forums on the Surface Web Security teams often associate cybercrime forums exclusively with the Dark Web and Tor. However, several of the most active underground communities now operate openly on the surface web, accessible via standard browsers and indexed infrastru…

14 May Sandworm Hackers Shift From IT Breaches to Critical OT Targets (GBHACKERS.COM)
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the Russian state-backed threat actor is no longer just infiltrating IT networks it is actively pivoting into operatio…

14 May LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout (SENTINELONE.COM)
Mick Baccio and Scott Roberts examine whether public breach signals and market timing models can turn cyber incidents into actionable trading opportunities.

14 May When Nobody Reports the Threat (YOUTUBE.COM)
Security teams often depend on users or employees to report suspicious behavior, anomalies, or identity-related issues. But humans naturally assume another person will step in first. That creates a dangerous reporting gap. If everyone ignores unusual activity because they expect …

14 May Major tech manufacturer Foxconn confirms cyberattack hit North American factories (CYBERSCOOP.COM)
The ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers.

14 May West Pharmaceutical starts restoring operations after ransomware attack (CYBERSECURITYDIVE.COM)
The company confirmed data was stolen and encrypted by the attackers.

14 May Fighting AI-Assisted Ransomware Threats (KNOWBE4.COM)
This Anti-Ransomware Day, it's important to recognize the ever-changing landscape of cyber threats and how organizations can fortify their defenses. The evolution from traditional ransomware to cyber extortion over the last few years reflects a professionalized, decentralized eco…
🕵️ THREAT INTELLIGENCE 30
14 MayISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 MayLyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification ProgramDUBAI, UAE — May 14, 2026 — As autonomous AI agents begin to handle everything from corporate bank transfers to sensitive code deployments, the digital world is facing a new “Wild West” scenario: millions of autonomous entities operating without a badge or a passport.…GBHACKERS.COM
14 MayRussian official admits VPNs cannot be fully blocked without breaking the internetA senior Russian official has acknowledged that fully blocking or disabling VPN services in Russia is technically unfeasible, warning that such attempts could severely disrupt the country’s internet infrastructure. The remarks mark one of the clearest public admissions from a Kre…CYBERINSIDER.COM
14 MayTexas sues Netflix for profiling children and selling data to advertisersTexas Attorney General Ken Paxton has filed a sweeping lawsuit against Netflix, accusing the streaming giant of misleading consumers for years while secretly operating what the state describes as a massive behavioral surveillance and advertising system targeting both adults and c…CYBERINSIDER.COM
14 MayAI cyber capability is speeding past earlier projectionsAI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can comple…HELPNETSECURITY.COM
14 MayVector embedding security gap exposes enterprise AI pipelinesEnterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to…HELPNETSECURITY.COM
14 MayClosing the AI governance gap in your enterpriseIn this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI adoption is outpacing governanc…HELPNETSECURITY.COM
14 May170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes SecretsHackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 million times weekly, to steal sensitive developer and cloud credentials. The malicious npm packages contain a hidden preins…GBHACKERS.COM
14 MayMicrosoft’s WinUI agent plugin trims token use by over 70% during developmentMicrosoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight skills, and several supporting tools targeting the l…HELPNETSECURITY.COM
14 MayHow Dangerous Is Anthropic’s Mythos AI?Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of co…SCHNEIER.COM
14 MayKimsuky targets organizations with PebbleDash-based toolsKaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.SECURELIST.COM
14 MayCofense adds AI-powered campaign detection to stop phishing attacksCofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates include AI-driven phishing detection, enhanced triage automation, and AI-assisted training campaign creation designed to s…HELPNETSECURITY.COM
14 MayWarning: Netflix Phishing Scams Can Lead to Serious ConsequencesResearchers at Bitdefender warn that Netflix-themed phishing attacks can have far-reaching consequences if users follow poor security practices. While Netflix is generally associated with a user’s personal life, phishing attacks targeting personal accounts can put users’ employer…KNOWBE4.COM
14 MayGhostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt StrikeThe Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring coun…THEHACKERNEWS.COM
14 MayA spyware investigator exposed Russian government hackers trying to hijack Signal accountsA group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign.TECHCRUNCH.COM
14 MayMustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage CampaignMustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networksINFOSECURITY-MAGAZINE.COM
14 MayApple’s iPhone Privacy Feature Expands to More Users WorldwideApple expanded Limit Precise Location in iOS 26.5, but the carrier privacy feature still requires select iPhones and iPads.TECHREPUBLIC.COM
14 MayJeff Bezos’ Blue Origin May Need Outside Cash to Catch SpaceXBlue Origin may seek outside funding for the first time as it looks to scale launches, compete with SpaceX, and expand its space business.TECHREPUBLIC.COM
14 MayLinkedIn Cuts Jobs Despite Revenue Growth as Tech Layoffs Keep SpreadingLinkedIn is cutting jobs and trimming spending across major teams despite revenue growth, as the Microsoft-owned company refocuses priorities.TECHREPUBLIC.COM
14 MayUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cyb…SCHNEIER.COM
14 MayPhishing Attacks Begin Targeting the 2026 FIFA World CupA major phishing operation is targeting soccer/football fans ahead of the 2026 FIFA World Cup, which begins in June, according to researchers at Flare. The attackers have set up at least 79 phishing sites impersonating the official FIFA website.KNOWBE4.COM
14 MayMore money is going to physical security, but it’s often CISOs that oversee it: EYOrganizations should centralize physical security and cybersecurity so both are adequately prepared for, the consulting firm says in a survey report.CYBERSECURITYDIVE.COM
14 MayMicrosoft: Russian hackers evolved Kazuar malware into stealthy P2P botnet“Kazuar,” a long-running malware platform linked to the Russian state-sponsored threat group Secret Blizzard, has evolved into a stealthy peer-to-peer botnet designed for persistent intelligence collection. Microsoft Threat Intelligence reports that Kazuar has transformed from a …CYBERINSIDER.COM
14 May'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, UkraineAttackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.DARKREADING.COM
14 MayTrump’s China Summit Turns Into a Big Tech Power PlayTrump’s China summit brought Nvidia, Apple, and Tesla leaders into talks shaped by AI chips, trade pressure, and market-access demands.TECHREPUBLIC.COM
14 MayTop New Features in Android 17 You’ll Notice This YearGoogle previewed Android 17 with Gemini AI tools, AirDrop-style sharing, privacy upgrades, multitasking changes, and stronger security controls.TECHREPUBLIC.COM
14 MayMicrosoft Retires ‘Copilot Mode’ as Edge Gets Built-In AI ToolsMicrosoft is retiring “Copilot Mode” in Edge as it builds AI browsing tools directly into Edge on desktop and mobile.TECHREPUBLIC.COM
14 May KEVKevin O’Leary’s ‘Wonder Valley’ Data Center Advances as Job Estimates ShiftKevin O’Leary’s Wonder Valley data center project faces scrutiny as job estimates shift and Utah residents raise environmental concerns.TECHREPUBLIC.COM
14 MayWhite House cyber official: identity security matters more than ever in the age of AIWhile AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday.CYBERSCOOP.COM
14 MaySecurityScorecard Snags Driftnet to Level Up Threat IntelligenceThe new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks.DARKREADING.COM
🌐 CYBER THREAT LANDSCAPE 3
14 MayWhy Malwarebytes blocks some Yahoo Mail redirectsSome Yahoo Mail users may see repeated Malwarebytes alerts caused by background connections to suspicious third-party domains. Here’s why.MALWAREBYTES.COM
14 MayGoogle Launches Android Spyware Forensics Tool for High-Risk UsersGoogle’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infectionsINFOSECURITY-MAGAZINE.COM
14 MayStealer Backdoor Found in 3 Node-IPC Versions Targeting Developer SecretsCybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node…THEHACKERNEWS.COM
📰 CYBERSECURITY BRIEFINGS 1
📡 INFOSEC NEWS 11
14 MaySimple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destination…ISC.SANS.EDU
14 MayMost Organizations Now Use AI Agents for Sensitive Security TasksSemperis study finds 74% of organizations believe AI will increase attacks on identity infrastructureINFOSECURITY-MAGAZINE.COM
14 MayICO Publishes Five-Step Plan to Counter Emerging AI-Powered AttacksThe Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacksINFOSECURITY-MAGAZINE.COM
14 MayYour iPhone Gets Stolen. Then the Hacking BeginsA bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.WIRED.COM
14 MayNew Fragnesia Flaw Hands Linux Local Users Root AccessNew Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systemsINFOSECURITY-MAGAZINE.COM
14 MayAI Drives Cybersecurity Investments, Widening 'Valley of Death'In a role reversal, investment dollars in AI security startups exceeded the value of AI acquisitions in 1Q26 by more than $1 billion, a rare occurrence.DARKREADING.COM
14 MayCisco cuts nearly 4,000 jobs to spend more on AI, reports ‘record quarterly revenue’This is Cisco's latest layoff in recent years, while the company's chief executive touts record revenue and growth.TECHCRUNCH.COM
14 MayOpenAI says hackers stole some data after latest code security issueOpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.TECHCRUNCH.COM
14 MayAutomating post-quantum cryptography readiness using AWS ConfigMigrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventories your Application Load Balancer (ALB), Network Load Balanc…AWS.AMAZON.COM
14 MaySuspected Dream Market kingpin arrested after gold bars sent to his home addressLesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
14 May13 Cybersecurity Frameworks for 2026 and How to Choose | HuntressDiscover some of the most common cybersecurity frameworks by what they’re best for, plus tips for choosing the right one for your organization.HUNTRESS.COM