136 Articles
9 Categories
Date: 2026-05-19
🚨 CISA KEV (1)
19 May KEVKey findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitationThe 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways Vulnerability exploitation has surged to become the leadi…TENABLE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (22)
19 May KEVExchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical FlawsA dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has pat…CYBERSECURITYTODAY.LIBSYN.COM
19 MayCVE-2026-4873 connection reuse ignores TLS requirementInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6429 netrc credential leak with reused proxy connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-5545 wrong reuse of HTTP Negotiate connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6253 proxy credentials leak over redirect-to proxyInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-5773 wrong reuse of SMB connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6276 stale custom cookie host causes cookie leakInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-7168 cross-proxy Digest auth state leakInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruptionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-0665 eventfd double closeInformation published.MSRC.MICROSOFT.COM
19 MayFour-Faith Industrial Routers Targeted in Botnet Hijacking CampaignFour-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices …GBHACKERS.COM
19 May20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code ExecutionA newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote code execution (RCE). Security researchers warn that the flaw, rooted in legacy code paths da…GBHACKERS.COM
19 MayDirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE VulnerabilityProof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 securi…THEHACKERNEWS.COM
19 MaymacOS flaw allowed rogue apps to access chat and browser dataResearchers at mobile privacy firm Mysk have disclosed details of a now-patched macOS vulnerability that could allow malicious apps to bypass Apple’s sandbox and privacy protections to access sensitive user data stored by messaging, productivity, and browser applications. Tracked…CYBERINSIDER.COM
19 MayContractor’s public GitHub account exposed GovCloud and CISA credentialsUntil a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news ove…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (42)
19 MayCTT - 468,124 breached accountsIn April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum . The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history…HAVEIBEENPWNED.COM
19 MayGitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD CredentialsIn yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the…THEHACKERNEWS.COM
19 MayCISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub RepositoryA significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers…GBHACKERS.COM
19 MaySEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic InterceptionMultiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed SEPPmail appliances used fo…GBHACKERS.COM
19 MayMythos Preview Automates PoC Exploit Creation for Vulnerability ResearchA new AI model from Anthropic is changing how security teams find and prove software vulnerabilities. It is raising hard questions about what happens when the same technology falls into the wrong hands. Cloudflare has published findings from its participation in Project Glasswing…GBHACKERS.COM
19 MayPublic Instagram posts provide raw material for AI phishing campaignsA handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned into phishing messages…HELPNETSECURITY.COM
19 MayEarbud sensors can authenticate users by their heartbeat, study findsResearchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so no extra hardware is nee…HELPNETSECURITY.COM
19 MayCompromised GitHub Action Steals Workflow CredentialsA widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commi…GBHACKERS.COM
19 MayHackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure DataHackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data. A highly sophisticated cyberattack campaign carried out by a threat actor tracked as Storm-2949, targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure enviro…GBHACKERS.COM
19 MayProtecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan SevillaIn this episode, host Caleb Tolin sits down with Dr. Ido Sivan Sevilla, an Assistant Professor at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, to expose critical vulnerabilities within U.S. county governments. As t…THECYBERWIRE.COM
19 MayiProov brings identity verification to video meetings to reduce fraud risksiProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are inc…HELPNETSECURITY.COM
19 MayPostgreSQL Flaws Expose Databases to Remote Code Execution and SQL InjectionPostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The PostgreSQL Global Development Group…GBHACKERS.COM
19 MayShai-Hulud worm copycats emerge after source code leakShai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on Git…SECURITYAFFAIRS.COM
19 May7 tips for accelerating cyber incident recoveryDespite strong and redundant defenses, enterprises remain vulnerable to a wide range of cyberattacks. And because attacks — and cyber incidents — are inevitable, developing an incident response and recovery process that’s quick, comprehensive, and coordinated is essential. Expedi…CSOONLINE.COM
19 MayGrafana Labs Confirms Hackers Stole Source CodeOpen source tool maker Grafana says hackers stole codebase via GitHub breachINFOSECURITY-MAGAZINE.COM
19 MaySEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic AccessCritical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnera…THEHACKERNEWS.COM
19 MayOperation Ramz Dismantles 53 Servers Used in Scam and Malware CampaignsA large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, malware, and online scam campaigns across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, the init…GBHACKERS.COM
19 MayDrupal to Release Urgent Core Security Updates on May 20, Sites Told to PrepareDrupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hour…THEHACKERNEWS.COM
19 MayUAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated MalwareUAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT…GBHACKERS.COM
19 MayAI Raises the Bar on Vulnerability Awareness and Secure-by-Design SoftwareAI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design softwareINFOSECURITY-MAGAZINE.COM
19 MayPhishing Campaign Exploits Google AppSheets to Target Facebook AccountsResearchers at Guardo Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitima…KNOWBE4.COM
19 MayInternet Explorer may be dead, but its ghost still runs malwareMicrosoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Applic…CSOONLINE.COM
19 MayPureLogs infostealer is stealing credentials worldwideA phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive a…HELPNETSECURITY.COM
19 MayHackers have compromised dozens of popular open source packages in an ongoing supply chain attackThe attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.TECHCRUNCH.COM
19 MayGitHub scales back bug bounties, reminds users security is their responsibility tooFaced with the growing volume of submission to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The clou…CSOONLINE.COM
19 MayMini Shai-Hulud returns, compromising hundreds of npm packagesAnother malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.CYBERSCOOP.COM
19 MayPatch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPNResearchers said a wave of attacks began in February targeting firewalls that appeared to be protected. CYBERSECURITYDIVE.COM
19 MayRapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security LeadersSecurity teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit , the focus was not just on how the threat landscape is evolving, but on how teams are adapting their approach t…RAPID7.COM
19 MayTP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective …TALOSINTELLIGENCE.COM
19 MayGoverning infrastructure as code using pattern-based policy as codeOrganizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow …AWS.AMAZON.COM
19 MayTrapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 AppsCybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned …THEHACKERNEWS.COM
19 MayMicrosoft dismantled malware-signing network Fox TempestMicrosoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with …SECURITYAFFAIRS.COM
19 MayNews alert: Orchid Security study finds invisible identities now outnumber managed accountsNEW YORK, May 19, 2026, CyberNewswire— Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access …LASTWATCHDOG.COM
19 MayAntV data visualization tool the latest to be hit by ongoing npm supply chain attacksThe world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack , which exploited a comple…CSOONLINE.COM
19 MayHuawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms networkThere is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.THERECORD.MEDIA
19 MayCISA secrets left sitting on GitHub.A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthie…THECYBERWIRE.COM
19 MayAttackers hit vulnerabilities hard last year, making exploits the top entry point for breachesVerizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.CYBERSCOOP.COM
19 MayWindows Zero-Day Barrage Continues After Patch TuesdayYellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.DARKREADING.COM
19 MayAI Spam Is Breaking Bug BountiesBug bounty programs created a structured way for security researchers to report vulnerabilities while helping software companies improve products without relying entirely on internal QA teams. The speaker argues that generative AI is now overwhelming some of these programs with l…YOUTUBE.COM
19 MayVerizon DBIR: Enterprises Face a Dangerous Vulnerability GlutVerizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.DARKREADING.COM
19 MayMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
19 MaySN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password BlunderOpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior"…TWIT.TV
📋 SECURITY BULLETINS (2)
19 MaymacOS Malware Abuses Fake Google Update for PersistenceA newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake appl…GBHACKERS.COM
19 MayDrupal is rolling out an emergency security update on May 20. You cannot miss itDrupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention.…SECURITYAFFAIRS.COM
📢 SECURITY ADVISORIES (7)
19 MayCybersecurity jobs available right now: May 19, 2026CISO DataFence | Israel | Hybrid – View job details As a CISO, you will develop security roadmaps, compliance plans, risk registers, policies, and control implementation plans while leading audit and regulatory compliance activities. You will manage client project…HELPNETSECURITY.COM
19 MayAI infrastructure is cracking under sovereignty demandsAI deployments are moving into environments with tighter controls around data, infrastructure, and system operations. Organizations are building AI systems across multiple providers, platforms, and computing environments while managing governance, security, and compliance obligat…HELPNETSECURITY.COM
19 MayKimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense OfficialsKimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense per…GBHACKERS.COM
19 MayUS cyber agency CISA exposed reams of passwords and cloud keys to the open webThe federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs.TECHCRUNCH.COM
19 MayCISA contractor exposed AWS GovCloud keys on GitHub.Microsoft fixes critical Authenticator flaw. INTERPOL operation nabs 200 suspected cybercriminals.THECYBERWIRE.COM
19 MayCISA Exposes Secrets, Credentials in 'Private' RepoThe agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."DARKREADING.COM
19 MayCISA credential leak raises alarms, and Capitol Hill demands answersA researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed.CYBERSCOOP.COM
🔥 INCIDENT REPORTING (17)
19 MayMini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer AccountCybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer accoun…THEHACKERNEWS.COM
19 MayCompromised Nx Console VS Code Extension Steals Developer and Cloud SecretsNx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persistent backdoor. Anyone who installed v18.95.0 should treat their environment as fully compromised. On May 18, 2026, a malicious…GBHACKERS.COM
19 MayMini Shai-Hulud Attack Hits @antv npm PackagesA large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm …GBHACKERS.COM
19 MayCompromised Nx Console 18.95.0 Targeted VS Code Developers with Credential StealerCybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code …THEHACKERNEWS.COM
19 MayGentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi SystemsThe Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second half of 2025. The Gentlemen stands out for its ability to target a wide range of enterprise systems, including Windows, Linux…GBHACKERS.COM
19 MayPoland shifts away from Signal following cyberattacks on officials’ accountsPoland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follo…SECURITYAFFAIRS.COM
19 MayShinyHunters Takes Responsibility for Attack on Learning Management PlatformA cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 20…GBHACKERS.COM
19 MayThe New Phishing Click: How OAuth Consent Bypasses MFAIn February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at…THEHACKERNEWS.COM
19 MayLooking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber EvolutionDark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop…DARKREADING.COM
19 MaySelector extends AI-driven observability into multi-cloud environmentsSelector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By…HELPNETSECURITY.COM
19 MayWhen AI Starts Acting MaliciousKeith Hoodlet defines AI misalignment through observable security behavior: agents taking actions that resemble malicious hacking activity even when they were not instructed to perform offensive tasks. In this example, the AI was given benign objectives but reacted to surrounding…YOUTUBE.COM
19 MayMicrosoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing ToolMicrosoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat groupINFOSECURITY-MAGAZINE.COM
19 MayMicrosoft disrupts cybercrime service that abused software verification systems en masseFox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.CYBERSCOOP.COM
19 MayBiometrics, diagnoses, and bank details exposed in major healthcare breachNYC Health + Hospitals says attackers accessed its systems for months through a third-party vendor compromise, affecting at least 1.8 million people.MALWAREBYTES.COM
19 MayMicrosoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangsThe company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest — a popular service that has operated since May 2025 and provides cybercriminals with code signing tools.THERECORD.MEDIA
19 MayCIRT insights: How to help prevent unauthorized account removals from AWS OrganizationsThe AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and design…AWS.AMAZON.COM
🕵️ THREAT INTELLIGENCE (30)
19 MayISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MayMicrosoft to Retire Teams Together Mode to Improve PerformanceMicrosoft has announced it will retire the “Together mode” feature in Microsoft Teams, marking a shift toward simplified meeting layouts designed to improve performance, usability, and consistency across devices. The change, confirmed by Microsoft Product Manager Katarina Tranker…GBHACKERS.COM
19 MayJavaScript Malware Campaign Drops Crypto Clipper via PowerShellA large-scale CountLoader campaign that uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, a…GBHACKERS.COM
19 MayBabel Street targets AI-driven threats with new agentic investigation capabilitiesBabel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the Babel Street Insights…HELPNETSECURITY.COM
19 MayEgnyte unveils Email Capture and AI features to unify fragmented dataEgnyte has announced a new set of capabilities designed to consolidate fragmented knowledge. Email Capture centralizes critical communications and attachments from siloed inboxes into the Egnyte folder structure, assisting users to make more informed data-driven decisions based o…HELPNETSECURITY.COM
19 MayThe State of AI & AppSec - Keith Hoodlet - ASW #383This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the pr…YOUTUBE.COM
19 MayDiscord enables E2EE by default for all voice and video communicationsDiscord announced that all voice and video calls on its platform are now protected with end-to-end encryption (E2EE) by default. The rollout applies to direct messages, group calls, voice channels, and Go Live streams, with Stage channels remaining the only exception. Discord fir…CYBERINSIDER.COM
19 MayLaurie Anderson Is Quoting MeNot by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.” …SCHNEIER.COM
19 MayMicrosoft Edge Enhances Security by Preventing Password Loading at StartupMicrosoft is rolling out a key security change in its Edge browser to stop saved passwords from being loaded into memory as soon as the browser starts. The move comes after a security researcher showed that Edge was decrypting and keeping all stored passwords in cleartext in proc…GBHACKERS.COM
19 MayTop 5 Phishing-Driven Social Engineering Attacks on Companies in 2026Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is t…ANY.RUN
19 MayAnthropic Denies EU Access to Claude Mythos, ChatGPT 5.5 Comes to RescueAnthropic still hasn’t granted the EU access to Claude Mythos, but OpenAI’s ChatGPT 5.5-Cyber could help the bloc preempt vulnerabilities.TECHREPUBLIC.COM
19 MayVoidStealer Malware Targets Chrome Data Despite Built-In Browser ProtectionsA newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a security feature designed to protect sensitive browser data. The malware introduces a novel technique that allows attackers…GBHACKERS.COM
19 MayLaunchDarkly adds real-time controls for AI agents in productionLaunchDarkly has launched AgentControl, a new solution that gives software teams real-time control over AI agents in production. With AgentControl, teams can change how an agent behaves at runtime without redeploying the underlying application. As AI agents move into production, …HELPNETSECURITY.COM
19 MayCanonical ships Ubuntu Core 26 with 15 years of security maintenanceOperators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more than a decade. Canonical released Ubuntu Core 26, the latest long-term supported version of its minimal, im…HELPNETSECURITY.COM
19 MayNew macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chainA SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found. …HELPNETSECURITY.COM
19 MayThe end of unencrypted Discord calls is hereDiscord has protected voice and video calls in DMs, group DMs, voice channels, and Go Live streams with end-to-end encryption (E2EE) by default. The company began experimenting with E2EE for voice and video in 2023, starting a long-term effort. End-to-end encryption allows only p…HELPNETSECURITY.COM
19 MayMicrosoft’s legacy MSHTA tool heavily abused in malware attacksMicrosoft’s legacy mshta.exe utility remains widely abused in malware campaigns despite the retirement of Internet Explorer and Microsoft’s ongoing deprecation of older scripting technologies. Bitdefender Labs reports a notable rise in detections involving mshta.exe over recent m…CYBERINSIDER.COM
19 MayTwo-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap ReportNew York, United States, May 19th, 2026, CyberNewswire New research shows identity dark matter continues to expand and erode enterprise identity, resulting in a fragile foundation for agent AI readiness and adoption Orchid Security, the company solving identity at its core, today…GBHACKERS.COM
19 MayWarning: Phishing Attacks Are Abusing the Kuse AI AppAttackers are abusing the storage and sharing features of Kuse, a free AI app, to assist in phishing campaigns, according to researchers at Trend Micro. Kuse is a legitimate agentic AI platform used by employees to streamline workflows. Users can share files with coworkers, which…KNOWBE4.COM
19 MayMozilla hardens Firefox against fingerprinting, adds one-click session wipeMozilla has released Firefox 151, introducing new privacy-focused protections for Private Browsing Mode and stronger anti-fingerprinting defenses. A new “End Private Session” feature for Firefox’s Private Browsing Mode, accessible through a fire-shaped icon next to the address ba…CYBERINSIDER.COM
19 MayCriminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASMTorrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more actionable, decision-ready intelligence through its continuously evolving platform. Taking place from June 2 to Jun…GBHACKERS.COM
19 MayAI Isn’t Finding Novel BugsThis discussion highlights a recurring pattern in AI-assisted security research: current systems are effective at identifying known classes of vulnerabilities and established error patterns, but evidence for discovering truly novel vulnerabilities remains limited. This may mean A…YOUTUBE.COM
19 MayMicrosoft Launches New Surface AI PCs for Business BuyersMicrosoft launched new Surface for Business PCs with Intel Core Ultra Series 3 chips, AI features, 5G options, and enterprise security tools.TECHREPUBLIC.COM
19 MayAnthropic Just Bought a Developer Tool Used by OpenAI, GoogleAnthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model performance.TECHREPUBLIC.COM
19 MayAgentic AI, Strong Racks, Weak Fabric: Inside Dell’s AI BetDell sharpens its AI vision with agentic endpoints, an AI-ready platform, and factory-built racks, but its muted networking story raises questions about how far its AI Factory can scale.TECHREPUBLIC.COM
19 MayMac Users Face New Malware Threat Spoofing Apple, Google, and MicrosoftA new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs.TECHREPUBLIC.COM
19 MayApple’s Siri Could Get a Grammarly-Like AI Writing Tool at WWDCApple’s iOS 27 may add AI writing tools, prompt-built shortcuts, AI wallpapers, and a smarter Siri as WWDC 2026 approaches in June.TECHREPUBLIC.COM
19 MayApple Intelligence Powers New Accessibility Features for iPhone, MacApple Intelligence will upgrade VoiceOver, Voice Control, captions, and Vision Pro wheelchair controls in new accessibility features coming later this year.TECHREPUBLIC.COM
19 MayMicrosoft Confirms Windows Update Bug Blocking Security FixesMicrosoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available.TECHREPUBLIC.COM
19 MayMy Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland - SWN #582My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-582YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
19 MayFrom PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threatCisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetiza…TALOSINTELLIGENCE.COM
19 MayFrom Ivory Tower to Iron Curtain: The Academics Who Reshaped the CIAIn 1947, a new civilian intelligence agency was established: the CIA. But a series of intelligence failures undermined its credibility. The White House and Congress were up in arms, and a new mission was formed: to recruit Ivy League professors with uncanny skills. Leaving their …THECYBERWIRE.COM
19 MayStealer Spoofs Google, Microsoft & Apple, Then Backdoors macOSThe SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.DARKREADING.COM
📡 INFOSEC NEWS 12[−]
19 MayHackers Bypass Security Tools to Target Users DirectlyBridewell report calls out emergence of “fix-style” attacksINFOSECURITY-MAGAZINE.COM
19 MayHow to Make Apps and Websites Remove Your Nonconsensual NudesStarting May 19, tech platforms in the US will have to start complying with the Take It Down Act. Here's how more than a dozen of the largest platforms are handling takedown demands for your nudes.WIRED.COM
19 MayMassive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspectsINTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. “A first-of-its-kind cyb…SECURITYAFFAIRS.COM
19 MayYouTube wants your face to fight deepfakes"Likeness detection" promises protection from AI deepfakes, but some creators are uneasy about handing over biometric data in return.MALWAREBYTES.COM
19 MayAgentic AI Accelerates Software Builds and Mobile App AttacksDigital.ai data reveals 87% of apps were attacked over the past yearINFOSECURITY-MAGAZINE.COM
19 MayFacebook scam promises cheap Aldi meat boxes, steals payment info insteadA fake Aldi “meat box” offer spreading on Facebook tricks victims into handing over personal and payment info.MALWAREBYTES.COM
19 MayTools for spotting and disabling AI systems in an enterpriseKey methods for cutting off AI access to an organization’s core IT assets.KASPERSKY.COM
19 MayTelecom sector launches its own private ISACFederal government involvement in an existing group chilled some cybersecurity discussions among major telecom providers. The new group is intended to alleviate those anxieties.CYBERSECURITYDIVE.COM
19 MayUK regulator to require tech firms to tackle deepfakes, non-consensual intimate imagesThe regulator’s announcement said the change is being made due to the “urgent need to better protect women and girls online.”THERECORD.MEDIA
19 MayDiscord enables end-to-end encrypted voice and video calling for every userGood news! Discord's hundreds of millions of users now have their communications scrambled, so not even Discord can see them.TECHCRUNCH.COM
19 MayFrom teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishingOcean, an agentic email security platform, raised funding from Lightspeed Venture Partners.TECHCRUNCH.COM