106 Articles
9 Categories
Date: 2026-05-18
🐛 COMMON VULNERABILITIES AND EXPOSURES (10)
18 May KEVExperts warn of active exploitation of critical NGINX flaw CVE-2026-42945A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shor…SECURITYAFFAIRS.COM
18 MayCritical Marimo RCE Flaw Could Let Attackers Execute Malicious Code RemotelyA newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebS…GBHACKERS.COM
18 MayChaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fixMiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day …SECURITYAFFAIRS.COM
18 May KEVVU#777338: SGLang contains two remote code execution and one path traversal vulnerabilityOverview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an…KB.CERT.ORG
18 MayIvanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation FlawsIvanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.…THEHACKERNEWS.COM
18 May KEVCritical NGINX Vulnerability Lets Hackers Launch Remote Code Execution AttacksA newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or …GBHACKERS.COM
18 MayGamaredon Deploys GammaDrop, GammaLoad in Phishing CampaignsGamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamar…GBHACKERS.COM
18 May‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploitAn old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Goog…CSOONLINE.COM
18 MayAttackers are exploiting critical NGINX vulnerability (CVE-2026-42945)A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and ca…HELPNETSECURITY.COM
18 MayMicrosoft Exchange Zero-Day Under Attack, No Patch AvailableCVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.DARKREADING.COM
⚠️ VULNERABILITY DISCLOSURE (40)
18 MayThe Boring Stuff is Dangerous NowAI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.DARKREADING.COM
18 MayWhen ransomware hits, confidence doesn’t restore endpointsRansomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilien…HELPNETSECURITY.COM
18 MayClaude Code Vulnerability Allows Attackers to Run Commands Through Crafted DeeplinksA recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience feature into a remote code execution (RCE) vector. The issue, documented by security researcher Joernchen, has been fixed in …GBHACKERS.COM
18 MayFormer CISA nominee Sean Plankey named US CEO of defense startupUFORCE, a London-based company founded by Ukrainians, is looking to make drones in America.CYBERSCOOP.COM
18 MayCrafted JPEGs Could Trigger PHP Memory Bugs for ExploitationPHP, one of the most widely used web programming languages, is rarely viewed as a direct attack surface at its core level. Security focus typically shifts toward frameworks and third-party libraries. However, new research shows that PHP’s built-in functionality specifically the e…GBHACKERS.COM
18 MayResearchers Build First Public Apple M5 macOS Kernel Exploit with Mythos PreviewSecurity researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Myth…GBHACKERS.COM
18 MayMalicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto WalletsA new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 2…GBHACKERS.COM
18 MayLyrie: Open-source autonomous pentesting agentPenetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. Th…HELPNETSECURITY.COM
18 MayAI shrinks vulnerability exploitation window to hoursTime has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the a…HELPNETSECURITY.COM
18 MayCritical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at RiskA critical security vulnerability in the Funnel Builder plugin by FunnelKit is actively being exploited, putting more than 40,000 WooCommerce websites at risk of payment data theft. The vulnerability affects all Funnel Builder versions prior to 3.15.0.3 and allows unauthenticated…GBHACKERS.COM
18 Mayn8n Security Flaws Could Let Attackers Achieve Remote Code ExecutionA set of critical vulnerabilities in the popular workflow automation platform n8n has raised serious security concerns, with researchers warning that attackers could chain multiple flaws to achieve full remote code execution (RCE) on affected systems. The issues, disclosed in mul…GBHACKERS.COM
18 May201 arrested in INTERPOL disruption of phishing and fraud networksOperation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals …HELPNETSECURITY.COM
18 MayWhy the best security investment a board can make in 2026 isn’t another toolThere is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to cl…CSOONLINE.COM
18 MayAI coding is fueling a secrets-sprawl crisis few CISOs are containingWhen Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious secu…CSOONLINE.COM
18 MayAI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459### Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitiv…YOUTUBE.COM
18 MaySecurity Researchers Find 47 Zero-Days at Pwn2Own BerlinThe research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own BerlinINFOSECURITY-MAGAZINE.COM
18 MayAttackers accessed, downloaded code from Grafana Labs’ GitHubA threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterpri…HELPNETSECURITY.COM
18 MayMiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched SystemsChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codena…THEHACKERNEWS.COM
18 MayFour Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS MalwareCybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util …THEHACKERNEWS.COM
18 MayZero-Day Exploit Against Windows BitLockerIt’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption …SCHNEIER.COM
18 MayGremlin Stealer Hides Payloads in .NET Resources to Evade DetectionA newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wi…GBHACKERS.COM
18 MayNew image-based prompt injection attack targets multimodal AI modelsSecurity researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems. In a…CSOONLINE.COM
18 MayOpen source tool maker Grafana Labs says hackers stole its code, refuses to pay ransomThe open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.TECHCRUNCH.COM
18 MayAI Security Shifts To Data ControlMost organizations today use commercial AI systems rather than hosting or training their own models. That includes platforms like OpenAI, Gemini, Microsoft Copilot, and Anthropic. This shift changes the security problem. Instead of focusing on testing model vulnerabilities, organ…YOUTUBE.COM
18 MayShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate i…SECURITYAFFAIRS.COM
18 May⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreMonday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One …THEHACKERNEWS.COM
18 MayResearchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.Santa Clara County files lawsuit against Meta over alleged advertising practices. IBM security executive eyed for CISA director.THECYBERWIRE.COM
18 May18th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained a source code leak claimed by the Lapsus$ extortion group. The company confirme…RESEARCH.CHECKPOINT.COM
18 MayMY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech stackORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Center …LASTWATCHDOG.COM
18 MayAI cyberattackers are getting better fasterThe ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in recent months, according to new benchmarks published by the UK government’s AI Security Institute (AISI). In…CSOONLINE.COM
18 MayMicrosoft: Edge 148 will stop loading cleartext passwords in memoryMicrosoft says it is changing how Edge handles saved passwords in memory following public criticism and the release of a proof-of-concept tool that demonstrated credentials could be extracted in cleartext from the browser’s process memory. Microsoft confirmed that future versions…CYBERINSIDER.COM
18 MayAI is drowning software maintainers in junk security reportsAI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made …HELPNETSECURITY.COM
18 MayGame over for 74 suspected scammers after Dutch cops plastered their faces on billboardsThe Dutch police’s Game Over?! campaign, which publicly displays images of suspected fraudsters to encourage self-surrenders and gather public tips, is proving successful, with the identities of 74 of the 100 suspects shown already identified. A digital display promoting the Dutc…HELPNETSECURITY.COM
18 MayAI Ends Productivity GuessworkAI tools and LLM-based workflows are changing how work output is produced and evaluated. Unlike traditional office environments or early remote work, output can now be tracked more directly through generated results and activity. This shifts productivity measurement away from phy…YOUTUBE.COM
18 MayGrafana confirms GitHub token breach cybercrime group claims the attackGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was tri…SECURITYAFFAIRS.COM
18 MayMicrosoft May security patch fails for some due to boot partition size glitch“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of pat…CSOONLINE.COM
18 MayThe M5 just met its memory problem.Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Elev…THECYBERWIRE.COM
18 MayAI might cut false positives, but it won’t stop the slopAnthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports.CYBERSCOOP.COM
18 MayShai-Hulud Worm Clones Spread After Code ReleaseThe release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.DARKREADING.COM
18 MayMultiple Vulnerabilities in NGINX Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may…CISECURITY.ORG
📢 SECURITY ADVISORIES (4)
18 MayCan Laws Stop Deepfakes? South Korea Aims to Find OutSouth Korea's local elections next month will be a test bed for how effective regulations might be to stymie the flow of deepfakes.DARKREADING.COM
18 MayMicrosoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922. The problem is affecting systems running Windows 11 versions 24H2 and 25H2, raising concerns among enterprise ad…GBHACKERS.COM
18 MayNCSC Publishes Guidance on Securing Agentic AI UseThe UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risksINFOSECURITY-MAGAZINE.COM
18 MayCISA Admin Leaked AWS GovCloud Keys on GithubUntil this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts…KREBSONSECURITY.COM
🔥 INCIDENT REPORTING (10)
18 MayWeekly Update 504It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago…TROYHUNT.COM
18 MayGrafana Labs Confirms Security Incident Involving GitHub Codebase AccessGrafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised access token and downloaded portions of the company’s codebase. The disclosure, made via an official statement on May 17, 2…GBHACKERS.COM
18 MayHackers Abuse Cloudflare Storage to Exfiltrate Network FilesA sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual …GBHACKERS.COM
18 MayPaper Werewolf APT Spreads EchoGather RAT via Fake Adobe InstallerA sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a …GBHACKERS.COM
18 MayThe Canvas breach proved that prevention is no longer enoughCybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are.CYBERSCOOP.COM
18 MayNYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million peopleThe New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.TECHCRUNCH.COM
18 MayFuel Tank Breaches Expand Scope of Iran's Cyber OffensiveSecurity experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.DARKREADING.COM
18 MayGrafana refuses to pay ransom after codebase theftOn Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.THERECORD.MEDIA
18 MayMore than 200 arrested in cyber raids aimed at Middle East scam networksInvestigators found hundreds of compromised devices that were used as part of the cybercriminal operation and notified device owners as part of the raids.THERECORD.MEDIA
18 MayAddi - 34,532,941 breached accountsIn March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibil…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE (24)
18 MayProduct showcase: McAfee + ChatGPT integration turns doubt into a scam checkMcAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It combines conversational AI wit…HELPNETSECURITY.COM
18 MayLinus Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security DiscussionsLinux kernel creator Linus Torvalds has warned that a flood of low‑value, AI‑generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI users to treat …GBHACKERS.COM
18 May1 Million WordPress Websites Exposed by Avada Builder Security VulnerabilitiesA widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could allow both authenticated and un…GBHACKERS.COM
18 MayThe AI backdoor your security stack is not built to seeEnterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and t…HELPNETSECURITY.COM
18 MayFast16 Malware Sabotages Nuclear Test Simulations by Altering DataA newly analyzed cyber-espionage framework called Fast16 has revealed one of the most precise and covert sabotage operations ever uncovered targeting nuclear weapons simulations by silently manipulating critical test data. Researchers confirm that the malware didn’t just infiltra…GBHACKERS.COM
18 MayHackers Hide PureLogs Infostealer in PawsRunner LoaderThreat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims…GBHACKERS.COM
18 MayOtterCookie Malware Steals Dev Secrets, SSH Keys, Cloud Credentials, and TokensA newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in real time. Unlike earlier assumptions, OtterCookie is not a variant of BeaverTail but a separate Node.js-based remote access…GBHACKERS.COM
18 MayANY.RUN Turns 10: Special Offers for Stronger Security OperationsTen years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever.  ANY.RUN has grown with those teams.  What started as an interactive sandbox is now a trusted company …ANY.RUN
18 MaySignal begins testing automatic key verification for encrypted chatsSignal has started public testing of a new security feature called “automatic key verification,” designed to simplify confirming end-to-end encrypted conversations without requiring users to manually compare safety numbers. The feature was announced by Signal staff member “jimio”…CYBERINSIDER.COM
18 MayHow a government contest launched a revolution in AI-based bug huntingSecurity researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit.CYBERSECURITYDIVE.COM
18 MaySmartBear expands ReadyAPI with AI-powered API testing capabilitiesSmartBear has announced ReadyAPI’s new AI test generation capability that accelerates API testing by up to 80% while giving teams control to enable or disable AI. While competitors focus on speed alone, ReadyAPI’s AI test generation capability is architected for quality at scale …HELPNETSECURITY.COM
18 MayWhat Is an AI Agent in Cybersecurity?At the Milken Conference in May 2026, Robert F. Smith, founder and CEO of Vista Equity Partners, described a shift that every security leader should hear. Software, he said, has moved through three states: product, then service and now worker. "That agent, that software, act…KNOWBE4.COM
18 MayGrafana Labs says hacker gained access to codebase through leaked tokenThe company, which operates a widely used observability platform, is refusing to pay an extortion demand.CYBERSECURITYDIVE.COM
18 May7 Hidden iPhone Features That Actually Make a DifferenceDiscover hidden iPhone features for messages, photos, accessibility, privacy, call screening, and battery life that make iOS easier to use.TECHREPUBLIC.COM
18 MayFitbit Bug Leaves Pixel Watch Users Missing Sleep Data AgainPixel Watch users report a Fitbit bug that hides sleep stats on the watch while data still appears in the phone app.TECHREPUBLIC.COM
18 MayWindows 11 Start Menu, Taskbar Are Getting More CustomizationMicrosoft is testing Windows 11 taskbar and Start menu updates, including movable taskbar positions, cleaner Start controls, and compact layout options.TECHREPUBLIC.COM
18 MayMozilla calls on UK to exclude VPNs from age verification rulesMozilla urged UK regulators not to impose age restrictions on VPN services, warning that such measures would weaken privacy protections for all users while doing little to prevent minors from bypassing online age checks. In a submission to the UK Department for Science, Innovatio…CYBERINSIDER.COM
18 MayApple’s Siri Revamp May Add Auto-Deleting ChatsApple’s reported Siri revamp may add auto-deleting AI chats as the company prepares a privacy-focused software push at WWDC 2026.TECHREPUBLIC.COM
18 MayBanned Nvidia AI Chips Keep Reaching China Despite US CrackdownUS export-control cases show how Nvidia chips and other restricted tech are allegedly diverted to China and Russia through shell firms and intermediaries.TECHREPUBLIC.COM
18 MayApple’s Fall Lineup Could Include Foldable iPhone, New MacsApple is rumored to have more than 15 products planned for fall, including a foldable iPhone, new Macs, AirPods, Watches, and smart-home devices.TECHREPUBLIC.COM
18 MayInterpol leads cybercrime crackdown across 13 countries in Middle East, North AfricaOperation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams.CYBERSCOOP.COM
18 MayPoland urges officials to ditch Signal for state-run messaging appsPoland’s government is urging public-sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controlled encrypted messaging systems following a surge in phishing attacks targeting politicians, government personnel, and mi…CYBERINSIDER.COM
18 MayTeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. ISC.SANS.EDU
18 MayFTC: Americans Lost $2.1 Billion to Social Media Scams Last YearA new report from the US Federal Trade Commission (FTC) has found that Americans lost $2.1 billion in 2025 to scams that began on social media. Nearly 30% of people who reported losing money to a scam said it started on social media, far outpacing other modes of contact.KNOWBE4.COM
🌐 CYBER THREAT LANDSCAPE (5)
18 MayA week in security (May 11 – May 17)A list of topics we covered in the week of May 11 to May 17 of 2026MALWAREBYTES.COM
18 MayPre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons SimulationsA new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compress…THEHACKERNEWS.COM
18 MayDeveloper Workstations Are Now Part of the Software Supply ChainSupply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets …THEHACKERNEWS.COM
18 MayIT threat evolution in Q1 2026. Mobile statisticsThis report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.SECURELIST.COM
18 MayIT threat evolution in Q1 2026. Non-mobile statisticsThe report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.SECURELIST.COM
📰 CYBERSECURITY BRIEFINGS (1)
18 MayN2K CyberWire's T-Minus returns with focus on the critical intersection of space and cybersecurityN2K Networks today announced the next evolution of its space-focused podcast as T-Minus: Space-Cyber Briefing, a new weekly program dedicated to the expanding intersection of space and cybersecurity, on the N2K CyberWire network.THECYBERWIRE.COM
🎙️ PODCASTS (1)
18 MayAI is distorting the Holocaust (Lock and Code S07E10)This week on the Lock and Code podcast, we speak with Clara Mansfeld about how AI-generated imagery is warping the history of the Holocaust.MALWAREBYTES.COM
📡 INFOSEC NEWS (11)
18 MayBank of England, FCA and Treasury Raise Alarm Over Frontier AIThe UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilienceINFOSECURITY-MAGAZINE.COM
18 MayAn ICE Firearms Trainer Was Involved in At Least 4 Deadly ShootingsDavid Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams.WIRED.COM
18 MayMicrosoft is changing Edge’s plaintext password behaviorSaved passwords in Microsoft Edge will no longer sit in plaintext memory for the entire browser session after a researcher raised concerns.MALWAREBYTES.COM
18 MayHow to Reduce Phishing Exposure Before It Turns into Business DisruptionWhat happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the…THEHACKERNEWS.COM
18 MayInterpol Launches Sweeping Cybercrime Crackdown in MENA RegionOver 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North AfricaINFOSECURITY-MAGAZINE.COM
18 MayThe Infosecurity Europe Cyber Startup Competition: Meet the FinalistsNew for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyersINFOSECURITY-MAGAZINE.COM
18 MayPublic Amazon bucket leaks sensitive guest data from Japanese hotel platform TabiqA hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos on…SECURITYAFFAIRS.COM
18 MayB1ack’s Stash Releases 4.6 Million Stolen Credit Cards for FreeA notorious Dark Web carding marketplace is making headlines again. B1ack’s Stash, one of the most active illicit card shops on the Dark Web, has announced the free release of approximately 4.6 million stolen credit …SOCRADAR.IO
18 MayExperts warn of privacy risks as AI firms look to connect to financial accountsOpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice.THERECORD.MEDIA
18 MayINTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 ArrestsINTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 …THEHACKERNEWS.COM
18 May'Claw Chain' Vulnerabilities Threaten OpenClaw DeploymentsThe now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.DARKREADING.COM