🚨 CISA KEV 3
15 May KEVCISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remedi…THEHACKERNEWS.COM
15 May KEVCisco warns of an actively exploited SD-WAN flaw with max severityCisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass…CSOONLINE.COM
15 May KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEVCisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering a…SOCRADAR.IO
🐛 COMMON VULNERABILITIES AND EXPOSURES 28
15 MayPalo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as RootA devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a cr…GBHACKERS.COM
15 MayOn-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted EmailMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a …THEHACKERNEWS.COM
15 MayNext.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin InterfacesNext.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-44578, exposes a critical wea…GBHACKERS.COM
15 MayCVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer ChainsInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handlingInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv commandInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protectionInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in usernameInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoSInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1Information published.MSRC.MICROSOFT.COM
15 May KEVCisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin AccessCisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracke…GBHACKERS.COM
15 MayAmazon Redshift JDBC Driver Flaws Expose Systems to RCE AttacksAmazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and…GBHACKERS.COM
15 MayUnpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 …HELPNETSECURITY.COM
15 May KEVPraisonAI Vulnerability Actively Exploited Within Hours of Being Made PublicA high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical au…GBHACKERS.COM
15 MayVMware Fusion Flaw Could Allow Attackers to Gain Root PrivilegesA newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems. The flaw, tracked as CVE-2026-41702, has been rated high severity with a CVSS score of 7.…GBHACKERS.COM
15 May KEVCisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalys…HELPNETSECURITY.COM
15 MayCVE-2026-40379 Azure Entra ID Spoofing VulnerabilityCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
15 MayCVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-dayMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1)…SECURITYAFFAIRS.COM
15 May KEVExchange Server zero-day vulnerability can be triggered by opening a malicious emailA newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it…CSOONLINE.COM
15 MayMetasploit Wrap-Up 05/15/2026Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thin…RAPID7.COM
⚠️ VULNERABILITY DISCLOSURE 40
15 MayHow a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber AttacksGoogle Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru…CYBERSECURITYTODAY.LIBSYN.COM
15 MayThe AI oversight paradox: Is the investment worth the cost of watching it?Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI adoption (Source: Globa…HELPNETSECURITY.COM
15 MayHackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor AttacksHackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNei…GBHACKERS.COM
15 MayDell SupportAssist Update Forces Windows Systems Into BSOD LoopA faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into continuous Blue Screen of Death (BSOD) loops. Affected systems repeatedly crash with the “CRITICAL_PROCESS_DIED” error, often …GBHACKERS.COM
15 MaySoap Box: Where does AI fit into cloud security?In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud secur…RISKY.BIZ
15 MayTeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud CredentialsA financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted b…GBHACKERS.COM
15 MayPwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fallPwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and N…SECURITYAFFAIRS.COM
15 MayMultiple cPanel Vulnerabilities Could Lead to Sensitive Resource ExposureMultiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain unpatched. Organizations runni…GBHACKERS.COM
15 MayChina-Linked Hackers Deploy New TencShell Malware Against Global ManufacturerA suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkitINFOSECURITY-MAGAZINE.COM
15 MayResearchers uncover YellowKey and GreenPlasma Windows Zero-DaysResearchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and Gree…SECURITYAFFAIRS.COM
15 MayMicrosoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 u…GBHACKERS.COM
15 May KEVEU’s Cyber Resiliency Act will put IT leaders to the testUnlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encod…CSOONLINE.COM
15 MayThe economics of ransomware 3.0The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out loud: “Let’s just see what the insurance covers.” That instinct, understandable as …CSOONLINE.COM
15 MayRocky Linux launches opt-in security repository for urgent fixesRocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentio…HELPNETSECURITY.COM
15 MayMicrosoft Warns HPE Operations Agent Abused in Malware-Free AttacksMicrosoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate …GBHACKERS.COM
15 MayAutonomous systems are finally working. Security is nextWaymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just out of reach — too complex, too risky and not ready for the real world. That ar…CSOONLINE.COM
15 MayGremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource FilesUnit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.UNIT42.PALOALTONETWORKS.COM
15 MayTanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS UpdatesOpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized mann…THEHACKERNEWS.COM
15 MayAkamai to acquire LayerX for $205 millionAkamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s protection into the browser, where the majority of enterprise tasks now occur and…HELPNETSECURITY.COM
15 MayShai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & KubernetesShai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sensitive developer credentials from GitHub, AWS, Kubernetes, and local environment…GBHACKERS.COM
15 MayGoogle Project Zero Details Pixel 10 Zero-Click Exploit ChainA powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistake…GBHACKERS.COM
15 MayHackers Exploit OAuth Device Flow to Steal Microsoft 365 TokensHackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (P…GBHACKERS.COM
15 MayMicrosoft Reports Severe Zero-Day Flaw in On-Prem Exchange ServersThe zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription EditionINFOSECURITY-MAGAZINE.COM
15 MayRedesigning Security Culture for the Agentic AgeThe launch of platforms like Moltbook, OpenClaw, and RentAHuman in early 2026 has provided an unsettling glimpse into the future. We are entering a phase of the digital workplace where AI agents no longer just assist us, they interact with one another, act autonomously in the p…KNOWBE4.COM
15 MayCISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by SundayCisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”THERECORD.MEDIA
15 MayResearchers claim the first macOS kernel exploit on Apple M5 chipsSecurity researchers have announced what they describe as the first public macOS kernel memory corruption exploit capable of bypassing Apple’s Memory Integrity Enforcement (MIE) protections on the latest M5 chip. The exploit chain, developed by researchers at Calif with assistanc…CYBERINSIDER.COM
15 MayHack One, Own Every MowerRobotic lawnmowers and similar IoT devices can become security risks when attackers gain firmware access or exploit weak credential practices. When devices share identical configurations or weak default credentials, compromising one unit can potentially expose entire fleets. In p…YOUTUBE.COM
15 MayCisco zero-day under ongoing attack by persistent threat groupThe threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems.CYBERSCOOP.COM
15 MayFour OpenClaw Flaws Enable Data Theft, Privilege Escalation, and PersistenceCybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expo…THEHACKERNEWS.COM
15 MayUS orders travelers on Air Force One to throw away gifts, pins, and burner phones after China tripPeople who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons.TECHCRUNCH.COM
15 MayOpenAI impacted by TanStack supply-chain attack.Shai-Hulud code has been leaked. Microsoft warns of critical zero-day in on-prem Exchange Servers.THECYBERWIRE.COM
15 MayAttackers exploit critical flaw in Cisco Catalyst SD-WAN ControllerResearchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service.CYBERSECURITYDIVE.COM
15 MayMullvad VPN exit IP patterns could enable user fingerprintingA researcher has disclosed a privacy weakness in Mullvad VPN that could allow users to be probabilistically identified across different VPN servers by correlating the exit IP addresses assigned to their WireGuard connections. The issue stems from how Mullvad deterministically ass…CYBERINSIDER.COM
15 MayHere’s how the FTC plans to enforce the Take It Down ActThe commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resources and priorities.CYBERSCOOP.COM
15 MayA Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allo…CISECURITY.ORG
15 MayOne email could be all it takes.Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through Click…THECYBERWIRE.COM
15 MayMicrosoft Exchange zero-day chain nets DEVCORE $200K at Pwn2OwnPwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools. The biggest payout of the …CYBERINSIDER.COM
15 MayExpired domain leads to supply chain attack on node-ipc npm packageA popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account…CSOONLINE.COM
15 MayCisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/sw…YOUTUBE.COM
15 MayPwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900KDay two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnera…SECURITYAFFAIRS.COM
📋 SECURITY BULLETINS 1
15 MayGoogle Patches 79 Chrome Security Vulnerabilities, 14 Rated CriticalGoogle has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac an…GBHACKERS.COM
📢 SECURITY ADVISORIES 3
15 MaySignal threatens to leave Canada over proposed lawful access billEncrypted messaging platform Signal says it would withdraw from the Canadian market rather than comply with provisions in Ottawa’s proposed lawful access legislation that it believes could undermine encryption and introduce dangerous security vulnerabilities. In an interview with…CYBERINSIDER.COM
15 MayWhat 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack SurfaceIn Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted …THEHACKERNEWS.COM
15 MayTurla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent AccessThe Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Age…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 8
15 MayTaiwan Incident Highlights Cybersecurity Gaps in Rail SystemsA Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.DARKREADING.COM
15 MayWindows 11 and NVIDIA hacked on the first day of Pwn2Own Berlin 2026Researchers earned more than half a million dollars on the opening day of Pwn2Own Berlin 2026 after successfully demonstrating 24 previously unknown vulnerabilities across AI platforms, NVIDIA software, Windows 11, Linux systems, and developer tools. The first day of the hacking …CYBERINSIDER.COM
15 MayOpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attackOpenAI says a recent software supply-chain attack tied to the “Mini Shai-Hulud” malware campaign impacted two employee devices and exposed limited internal credentials, prompting the company to rotate code-signing certificates for its desktop applications. The company said it fou…CYBERINSIDER.COM
15 MayInside The Gentlemen Ransomware Leak: When the Hunter Becomes the HuntedRansomware groups spend their days breaking into networks, stealing data, and pressuring victims into paying. They rarely find themselves on the other side of that equation. But in early May 2026, one of the…SOCRADAR.IO
15 MayGunra Ransomware Expands RaaS After Conti Locker ShiftGunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model. First discovered in April 2025, the group initially targeted a small number of victims, but its…GBHACKERS.COM
15 MayAttackers replaced JDownloader installer downloads with malwareThe JDownloader website was compromised and installer download links served malware for several days.MALWAREBYTES.COM
15 MayMore than $10 million stolen from crypto platform THORChainTHORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.THERECORD.MEDIA
15 MayYour NPM Package Is Stealing SecretsMalicious versions of the Node IPC NPM package contained heavily obfuscated payloads designed to steal developer and cloud credentials. The malware targeted AWS, Azure, GCP, GitHub, Kubernetes, Terraform, SSH keys, and dozens of other secret categories while disguising outbound t…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 24
15 MayNew infosec products of the week: May 15, 2026Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solu…HELPNETSECURITY.COM
15 MayISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 MayPopular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly DownloadsA widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns across the JavaScript ecosystem. Security researchers at Socket have uncovered multiple malicious versions of the popular no…GBHACKERS.COM
15 MayDeepfake detection is losing ground to generative modelsDeepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of them post strong accuracy numbe…HELPNETSECURITY.COM
15 MayZombie linkages are keeping expired domains trusted for yearsDomains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has changed. Researchers at USC and the University of Twente examined this problem in three widely used systems:…HELPNETSECURITY.COM
15 MayMicrosoft Exposes Kazuar Malware’s Modular P2P Botnet ArchitectureMicrosoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified…GBHACKERS.COM
15 MayKeycard helps developers secure autonomous AI agents with scoped accessKeycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every action is …HELPNETSECURITY.COM
15 MayTycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFAA new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol dis…GBHACKERS.COM
15 MayOrBit Rootkit Targets Linux to Steal SSH and Sudo CredentialsHackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining active in the wild. First analyzed in 2022, OrBit was initially believed to be a c…GBHACKERS.COM
15 MayThieves unlock stolen iPhones using cheap tools sold on TelegramHelping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal r…HELPNETSECURITY.COM
15 MayBypassing On-Camera Age-Verification ChecksSome AI-based video age-verification checks can be fooled with a fake mustache.SCHNEIER.COM
15 MayGhostwriter group resumes attacks on Ukrainian Government targetsESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active …SECURITYAFFAIRS.COM
15 MayGoogle lets Workspace admins apply one policy across all SAML appsGoogle has updated Context-Aware Access (CAA) in Google Workspace to introduce a default policy assignment for SAML applications. SAML applications are third-party or internal applications that use the Security Assertion Markup Language (SAML) protocol to enable single sign-on (S…HELPNETSECURITY.COM
15 MayTraffic-Themed SMS Phishing Targets Users Around the WorldResearchers at Bitdefender are tracking 40 separate SMS phishing (smishing) campaigns impersonating transport authorities, toll operators, and parking services around the world. The researchers have observed more than 79,000 scam text messages with over 29,000 unique variant…KNOWBE4.COM
15 MayRaising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty programWe're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings.GITHUB.BLOG
15 MayFigure Humanoid Robots Sort Packages Non-Stop in 24/7 DemoFigure AI’s Helix 02 humanoid robots neared 40 hours of autonomous work and almost 50,000 packages in a livestreamed warehouse demo.TECHREPUBLIC.COM
15 MayGoogle’s Default 15GB Free Storage Is Ending for Some New AccountsGoogle is testing a change that gives some new accounts 5GB by default, with the full 15GB unlocked only after phone verification.TECHREPUBLIC.COM
15 MayMSPs need AI to fight AI-fueled cyberthreats: GuardzEntry points haven’t changed but the speed and scale of attacks have intensified, the security vendor found.CYBERSECURITYDIVE.COM
15 MayWhy Integrate Threat Intelligence Feeds into Email Security?It's getting harder to distinguish legitimate emails from malicious ones as phishing messages mimic real conversations, use trusted domains and increasingly leverage AI to scale and refine attacks.KNOWBE4.COM
15 MayUS Approves Nvidia H200 Sales to China, But Shipments Remain StalledUS approvals could let Nvidia sell H200 AI chips to China, but Beijing’s security concerns and export rules have stalled shipments.TECHREPUBLIC.COM
15 MayNew Windows Update May Undo Bad Driver Updates on Its OwnMicrosoft is testing Cloud-Initiated Driver Recovery, a Windows Update feature designed to roll back bad drivers with less manual IT work.TECHREPUBLIC.COM
15 MayApple and OpenAI’s ChatGPT Deal Reportedly Risks Legal ClashApple and OpenAI’s AI partnership is reportedly under strain as Siri plans, ChatGPT integration, and OpenAI hardware ambitions collide.TECHREPUBLIC.COM
15 MayOpenAI Warns Mac Users to Update Apps After Supply-Chain AttackOpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates.TECHREPUBLIC.COM
15 MayColorado governor commutes prison sentence for election denier Tina PetersPeters was sentenced to nine years for stealing voting data and has been publicly unrepentant. But Colorado Governor Jared Polis has been hinting at the decision for months.CYBERSCOOP.COM
🌐 CYBER THREAT LANDSCAPE 1
15 May[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)ISC.SANS.EDU
📡 INFOSEC NEWS 6
15 MayStrong Stack. Strong Team. Real Security Resilience.Learn how to build a resilient security stack and program that cuts alert noise, strengthens identity defense, and helps teams respond faster.HUNTRESS.COM
15 MayCyber Pioneers Ponder Past as PrologueRobert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time.DARKREADING.COM
15 MayMeta’s confusing new approach to chat privacyWhatsApp now offers disappearing AI chats Meta says it cannot read. While Instagram just removed the feature that stopped Meta reading your messages.MALWAREBYTES.COM
15 MayGremlin Stealer Evolves into Modular Threat with Advanced Evasion CapabilitiesA new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 researchINFOSECURITY-MAGAZINE.COM
15 MayThe AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phasesTL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement to baseline your posture and …AWS.AMAZON.COM
15 MayA hotel check-in system left a million passports and driver’s licenses open for anyone to seeThe tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.TECHCRUNCH.COM