matlock.ca // THREAT INTELLIGENCE

121Articles

9Categories

2026-05-20Date

🐛

FreePBX Security Flaw Lets Attackers Access User Portals

GBHACKERS.COM — 20 May 2026

🐛

CVE Lite CLI: Open-source dependency vulnerability scanner

HELPNETSECURITY.COM — 20 May 2026

🐛

CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests

MSRC.MICROSOFT.COM — 20 May 2026

🐛

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

MSRC.MICROSOFT.COM — 20 May 2026

🐛

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

MSRC.MICROSOFT.COM — 20 May 2026

🐛

Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access

GBHACKERS.COM — 20 May 2026

🐛

DirtyDecrypt: PoC Released for yet another Linux flaw

SECURITYAFFAIRS.COM — 20 May 2026

🐛

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

HELPNETSECURITY.COM — 20 May 2026

🐛

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

THEHACKERNEWS.COM — 20 May 2026

🐛

Why some security fixes never reach your vulnerability dashboard

CSOONLINE.COM — 20 May 2026

🐛

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

SECURELIST.COM — 20 May 2026

🐛

Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images

GBHACKERS.COM — 20 May 2026

🐛

NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access

GBHACKERS.COM — 20 May 2026

🐛

Microsoft issues YellowKey mitigation, no patch yet

SECURITYAFFAIRS.COM — 20 May 2026

🐛

VU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)

KB.CERT.ORG — 2026-05-20

🐛

Drupal admins rushing to patch maximum severity SQL injection vulnerability

CSOONLINE.COM — 20 May 2026

⚠️

Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today

CYBERSECURITYTODAY.LIBSYN.COM — 20 May 2026

⚠️

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

THEHACKERNEWS.COM — 20 May 2026

⚠️

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

THEHACKERNEWS.COM — 20 May 2026

⚠️

PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability

GBHACKERS.COM — 20 May 2026

⚠️

Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware

GBHACKERS.COM — 20 May 2026

⚠️

GitHub Source Code Reportedly Compromised, TeamPCP Claims Breach

GBHACKERS.COM — 20 May 2026

⚠️

Risky Business #838 -- GitHub investigates possible breach

RISKY.BIZ — 20 May 2026

⚠️

New NGINX Vulnerability Exposes Servers to Malicious Code Execution

GBHACKERS.COM — 20 May 2026

⚠️

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

SECURITYAFFAIRS.COM — 20 May 2026

⚠️

Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East

DARKREADING.COM — 20 May 2026

⚠️

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

INFOSECURITY-MAGAZINE.COM — 20 May 2026

⚠️

TeamPCP GitHub Breach: Internal GitHub Repositories Allegedly Accessed

SOCRADAR.IO — 20 May 2026

⚠️

Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

YOUTUBE.COM — 2026-05-20

⚠️

GitHub confirms internal repository theft as TeamPCP claims attack

CYBERINSIDER.COM — 20 May 2026

⚠️

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

HELPNETSECURITY.COM — 20 May 2026

⚠️

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

CSOONLINE.COM — 20 May 2026

⚠️

ArmorCode gives security teams AI workers for exposure and remediation

HELPNETSECURITY.COM — 20 May 2026

⚠️

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

THEHACKERNEWS.COM — 20 May 2026

⚠️

Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware

GBHACKERS.COM — 20 May 2026

⚠️

Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources

GBHACKERS.COM — 20 May 2026

⚠️

Old Breaches Resold as New Corporate Data Leaks

GBHACKERS.COM — 20 May 2026

⚠️

GitHub admits major source code leak after 3,800 internal repositories breached

CSOONLINE.COM — 20 May 2026

⚠️

Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed

TENABLE.COM — 20 May 2026

⚠️

Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers

THERECORD.MEDIA — 20 May 2026

⚠️

Compromised coding tool helped hackers breach thousands of GitHub repositories

CYBERSECURITYDIVE.COM — 20 May 2026

⚠️

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free

SECURITYAFFAIRS.COM — 20 May 2026

⚠️

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

DARKREADING.COM — 20 May 2026

⚠️

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

HELPNETSECURITY.COM — 20 May 2026

⚠️

NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw

HELPNETSECURITY.COM — 20 May 2026

⚠️

Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

RAPID7.COM — 20 May 2026

⚠️

The cost of trusting the extension ecosystem.

THECYBERWIRE.COM — 20 May 2026

⚠️

GitHub Confirms Breach, 4K Internal Repos Stolen

DARKREADING.COM — 20 May 2026

⚠️

The AI Kill Switch Problem

YOUTUBE.COM — 2026-05-20

⚠️

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

SECURITYAFFAIRS.COM — 20 May 2026

⚠️

Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.

DARKREADING.COM — 20 May 2026

📋

Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers

GRAHAMCLULEY.COM — 20 May 2026

📢

Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows

AWS.AMAZON.COM — 20 May 2026

🔥

Microsoft disrupts malware code-signing service used by ransomware gangs

CSOONLINE.COM — 20 May 2026

🔥

What happens when your identity provider becomes the kill chain

HELPNETSECURITY.COM — 20 May 2026

🔥

FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

BITDEFENDER.COM — 20 May 2026

🔥

A malicious VS code extension just breached GitHub ‘s internal repositories

SECURITYAFFAIRS.COM — 20 May 2026

🔥

Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals

HELPNETSECURITY.COM — 20 May 2026

🔥

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

INFOSECURITY-MAGAZINE.COM — 20 May 2026

🔥

Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing

GBHACKERS.COM — 20 May 2026

🔥

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

THEHACKERNEWS.COM — 20 May 2026

🔥

Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack

GBHACKERS.COM — 20 May 2026

🔥

Customers say Trump Mobile is leaking their personal information

TECHCRUNCH.COM — 20 May 2026

🔥

GitHub says hackers stole data from thousands of internal repositories

TECHCRUNCH.COM — 20 May 2026

🔥

GitHub discloses breach of 3,800 internal code repositories.

THECYBERWIRE.COM — 20 May 2026

🔥

7-Eleven confirms breach after ShinyHunters claims

THERECORD.MEDIA — 20 May 2026

🔥

GitHub says internal repositories were impacted in poisoned VS Code extension attack

CYBERSCOOP.COM — 20 May 2026

🔥

7-Eleven hit by data breach

CYBERSECURITYDIVE.COM — 20 May 2026

🔥

Microsoft disrupts cybercrime operation that hid behind legitimate software

CYBERSECURITYDIVE.COM — 20 May 2026

🔥

Meet Rampart and Clarity, Microsoft’s new red team combo AI agents

CYBERSCOOP.COM — 20 May 2026

🔥

Processes and Culture Top Reasons Behind Data Breaches

DARKREADING.COM — 20 May 2026

🔥

Investigating unauthorized access to GitHub’s internal repositories

GITHUB.BLOG — 20 May 2026

🕵️

ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)

ISC.SANS.EDU — 20 May 2026

🕵️

7 hard truths security pros should know: 2026 DevOps Threats Report

HELPNETSECURITY.COM — 20 May 2026

🕵️

When your AI assistant has the keys to production

HELPNETSECURITY.COM — 20 May 2026

🕵️

Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks

GBHACKERS.COM — 20 May 2026

🕵️

DevilNFC Malware Traps Android Users in NFC Relay Attacks

GBHACKERS.COM — 20 May 2026

🕵️

Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages

GBHACKERS.COM — 20 May 2026

🕵️

Single-Letter Go Module Typosquat Drops DNS-Based Backdoor

GBHACKERS.COM — 20 May 2026

🕵️

Communicating cyber risk in dollars boards understand

HELPNETSECURITY.COM — 20 May 2026

🕵️

Void Botnet Leverages Ethereum for Resilient C2

GBHACKERS.COM — 20 May 2026

🕵️

Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

THECYBERWIRE.COM — 20 May 2026

🕵️

GUEST ESSAY: AI can speed up communication, but it can also weaken human connection

LASTWATCHDOG.COM — 20 May 2026

🕵️

Darwinium updates mobile SDKs to detect remote access scam activity

HELPNETSECURITY.COM — 20 May 2026

🕵️

Fake Tax Assessment Pages Spread Windows Malware

GBHACKERS.COM — 20 May 2026

🕵️

Tracking TamperedChef Clusters via Certificate and Code Reuse

UNIT42.PALOALTONETWORKS.COM — 20 May 2026

🕵️

Trust3 AI focuses on AI agent risks with MCP Security layer

HELPNETSECURITY.COM — 20 May 2026

🕵️

GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations

GBHACKERS.COM — 20 May 2026

🕵️

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

INFOSECURITY-MAGAZINE.COM — 20 May 2026

🕵️

FBI: $388 million lost in crypto ATM scams in 2026

HELPNETSECURITY.COM — 20 May 2026

🕵️

Novata uses AI to map risk across portfolios and supply chains

HELPNETSECURITY.COM — 20 May 2026

🕵️

On AI Security

SCHNEIER.COM — 2026-05-20

🕵️

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

THEHACKERNEWS.COM — 20 May 2026

🕵️

Report: Romance Scams Cost UK Victims £102 Million Last Year

KNOWBE4.COM — 20 May 2026

🕵️

They Put Industrial Systems On Wi-Fi

YOUTUBE.COM — 2026-05-20

🕵️

Block Everything By Default

YOUTUBE.COM — 2026-05-20

🕵️

How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?

ANY.RUN — 20 May 2026

🕵️

Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other

BLACKHILLSINFOSEC.COM — 20 May 2026

🕵️

Tor launches crowdfunding campaign to support internet freedom projects

CYBERINSIDER.COM — 20 May 2026

🕵️

AI assistants can be hijacked and manipulated by inaudible sounds

CYBERINSIDER.COM — 20 May 2026

🕵️

Steam removes ‘Beyond The Dark’ horror game over malware reports

CYBERINSIDER.COM — 20 May 2026

🕵️

Webworm APT targets European government organizations with new backdoors

HELPNETSECURITY.COM — 20 May 2026

🌐

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

THEHACKERNEWS.COM — 20 May 2026

🌐

Malicious TV boxes: how a cheap “SuperBox” turns your home into a proxy node for cybercriminals | Kaspersky official blog

KASPERSKY.COM — 20 May 2026

🌐

Fake malware-signing service Fox Tempest dismantled by Microsoft

MALWAREBYTES.COM — 20 May 2026

🌐

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

INFOSECURITY-MAGAZINE.COM — 20 May 2026

🌐

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

INFOSECURITY-MAGAZINE.COM — 20 May 2026

🎙️

Building AI Content Systems That Actually Work with David Ebner of Content Workshop

THECYBERWIRE.COM — 20 May 2026

📡

Weekly Threat Bulletin – May 20th, 2026

F5.COM — 20 May 2026

📡

Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds

WIRED.COM — 20 May 2026

📡

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

INFOSECURITY-MAGAZINE.COM — 20 May 2026

📡

Firefox 151 packs big privacy upgrades into a small update

MALWAREBYTES.COM — 20 May 2026

📡

Agent AI is Coming. Are You Ready?

THEHACKERNEWS.COM — 20 May 2026

📡

AWS Security Hub Extended: Why enterprise security products should sell themselves

AWS.AMAZON.COM — 20 May 2026

📡

FTC warns 12 major tech firms of violating Take It Down Act

THERECORD.MEDIA — 20 May 2026

📡

Discord migrates all users to end-to-end encryption by default

THERECORD.MEDIA — 20 May 2026

📡

Texas, Florida top list of states reporting millions of dollars lost through crypto ATMs

THERECORD.MEDIA — 20 May 2026

📡

A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer

WIRED.COM — 20 May 2026

📡

Socket raises $60 million in Series C funding.

THECYBERWIRE.COM — 20 May 2026

📡

A Bipartisan Amendment Would End Police License Plate Tracking Nationwide

WIRED.COM — 20 May 2026

📡

Cyber Pros Can't Decide If AI Is a Good or a Bad Thing

DARKREADING.COM — 20 May 2026