Articles: 121
Categories: 9
Date: 2026-05-20
🐛 COMMON VULNERABILITIES AND EXPOSURES (16)
20 May | GBHACKERS.COM | FreePBX Security Flaw Lets Attackers Access User Portals
    A critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects the U…
20 May | HELPNETSECURITY.COM | CVE Lite CLI: Open-source dependency vulnerability scanner
    Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours o…
20 May | MSRC.MICROSOFT.COM | CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
    Information published.
20 May | GBHACKERS.COM | Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
    A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package a…
20 May | SECURITYAFFAIRS.COM | DirtyDecrypt: PoC Released for yet another Linux flaw
    DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, …
20 May | HELPNETSECURITY.COM | Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
    Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the compan…
20 May | THEHACKERNEWS.COM | Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
    Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. …
20 May | CSOONLINE.COM | Why some security fixes never reach your vulnerability dashboard
    On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm ins…
20 May | SECURELIST.COM | How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
    We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
20 May | GBHACKERS.COM | Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
    A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows t…
20 May | GBHACKERS.COM | NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access
    NVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8, indicating …
20 May | SECURITYAFFAIRS.COM | Microsoft issues YellowKey mitigation, no patch yet
    Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a pa…
20 May | KB.CERT.ORG | VU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)
    Overview: A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the …
20 May | CSOONLINE.COM | Drupal admins rushing to patch maximum severity SQL injection vulnerability
    Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL data…
⚠️ VULNERABILITY DISCLOSURE (35)
20 May | CYBERSECURITYTODAY.LIBSYN.COM | Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today
    A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to…
20 May | THEHACKERNEWS.COM | GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
    GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact…
20 May | THEHACKERNEWS.COM | Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
    Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private sou…
20 May | GBHACKERS.COM | PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability
    PoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy‑paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCB…
20 May | GBHACKERS.COM | Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
    Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive…
20 May | GBHACKERS.COM | GitHub Source Code Reportedly Compromised, TeamPCP Claims Breach
    A threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitive source code and proprietary organizational data. The group is currently offering the allegedly stolen dataset for sale on…
20 May | RISKY.BIZ | Risky Business #838 -- GitHub investigates possible breach
    On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: GitHub announced a possible breach; CISA leaks important creds, keys in public repo; Awful vulnerability in Bitlocker renders it useless without a PIN; So. Many. Patche…
20 May | GBHACKERS.COM | New NGINX Vulnerability Exposes Servers to Malicious Code Execution
    NGINX has disclosed a new high‑severity vulnerability in its JavaScript module that can allow remote attackers to crash servers and, in specific conditions, execute arbitrary code on vulnerable systems. F5 has published a security advisory (K000161307) describing a flaw in the NG…
20 May | SECURITYAFFAIRS.COM | Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
    A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services. On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The…
20 May | DARKREADING.COM | Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
    While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.
20 May | INFOSECURITY-MAGAZINE.COM | Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
    Verizon DBIR finds 31% of data breaches began with software flaws last year
20 May | SOCRADAR.IO | TeamPCP GitHub Breach: Internal GitHub Repositories Allegedly Accessed
    TeamPCP is back in the headlines, and this time the target is not a plugin, a CI/CD pipeline, or an open-source package. The group is claiming access to GitHub itself, one of the most critical pieces of infras…
20 May | YOUTUBE.COM | Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448
    Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect …
20 May | CYBERINSIDER.COM | GitHub confirms internal repository theft as TeamPCP claims attack
    GitHub disclosed that it is investigating unauthorized access to its internal repositories after attackers compromised an employee's device through a malicious Visual Studio Code extension. The company says there is currently no evidence that customer repositories or enterprise d…
20 May | HELPNETSECURITY.COM | TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
    Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-interna…
20 May | CSOONLINE.COM | SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
    A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at …
20 May | HELPNETSECURITY.COM | ArmorCode gives security teams AI workers for exposure and remediation
    ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help securit…
20 May | THEHACKERNEWS.COM | Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
    Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-nativ…
20 May | GBHACKERS.COM | Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
    Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthoriz…
20 May | GBHACKERS.COM | Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
    A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward…
20 May | GBHACKERS.COM | Old Breaches Resold as New Corporate Data Leaks
    Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources towar…
20 May | CSOONLINE.COM | GitHub admits major source code leak after 3,800 internal repositories breached
    Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unau…
20 May | TENABLE.COM | Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed
    As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate vulnerability remediation and super-charge exposure management with Tenable Hexa AI. Key ta…
20 May | THERECORD.MEDIA | Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
    The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine's Prosecutor General said.
20 May | CYBERSECURITYDIVE.COM | Compromised coding tool helped hackers breach thousands of GitHub repositories
    The attack is the latest example of hackers’ intense focus on open-source packages.
20 May | SECURITYAFFAIRS.COM | Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
    Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, n…
20 May | DARKREADING.COM | Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
    An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
20 May | HELPNETSECURITY.COM | Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
    Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the r…
20 May | HELPNETSECURITY.COM | NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
    NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Huggi…
20 May | RAPID7.COM | Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes
    Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command…
20 May | THECYBERWIRE.COM | The cost of trusting the extension ecosystem.
    GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing…
20 May | DARKREADING.COM | GitHub Confirms Breach, 4K Internal Repos Stolen
    Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.
20 May | YOUTUBE.COM | The AI Kill Switch Problem
    The UK is discussing cybersecurity legislation that could include emergency shutdown mechanisms — “kill switches” — for advanced AI systems that threaten national security or human life. The speaker argues that emergency stop capabilities are reasonable at the system level. AI sy…
20 May | SECURITYAFFAIRS.COM | PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
    PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is Pi…
20 May | DARKREADING.COM | Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
    The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
📋 SECURITY BULLETINS (1)
20 May | GRAHAMCLULEY.COM | Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
    A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year. Meanwhile, owners of $4,000 robot lawnmowers are d…
📢 SECURITY ADVISORIES (1)
20 May | AWS.AMAZON.COM | Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
    Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can ha…
🔥 INCIDENT REPORTING (19)
20 May | CSOONLINE.COM | Microsoft disrupts malware code-signing service used by ransomware gangs
    Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated l…
20 May | HELPNETSECURITY.COM | What happens when your identity provider becomes the kill chain
    In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks do…
20 May | BITDEFENDER.COM | FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
    Having received a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.
20 May | SECURITYAFFAIRS.COM | A malicious VS Code extension just breached GitHub’s internal repositories
    One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breac…
20 May | HELPNETSECURITY.COM | Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals
    Encryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises mil…
20 May | INFOSECURITY-MAGAZINE.COM | GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
    The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
20 May | GBHACKERS.COM | Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
    Fox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to…
20 May | THEHACKERNEWS.COM | Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
    Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The …
20 May | GBHACKERS.COM | Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
    The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identifi…
20 May | TECHCRUNCH.COM | Customers say Trump Mobile is leaking their personal information
    Trump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.
20 May | TECHCRUNCH.COM | GitHub says hackers stole data from thousands of internal repositories
    The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.
20 May | THECYBERWIRE.COM | GitHub discloses breach of 3,800 internal code repositories.
    Microsoft disrupts malware signing service. Business news: Akamai to acquire LayerX for $205 million.
20 May | THERECORD.MEDIA | 7-Eleven confirms breach after ShinyHunters claims
    The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.”
20 May | CYBERSCOOP.COM | GitHub says internal repositories were impacted in poisoned VS Code extension attack
    GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around thir…
20 May | CYBERSECURITYDIVE.COM | 7-Eleven hit by data breach
    The retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring.
20 May | CYBERSECURITYDIVE.COM | Microsoft disrupts cybercrime operation that hid behind legitimate software
    The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks.
20 May | CYBERSCOOP.COM | Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
    Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders.
20 May | DARKREADING.COM | Processes and Culture Top Reasons Behind Data Breaches
    Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.
20 May | GITHUB.BLOG | Investigating unauthorized access to GitHub’s internal repositories
    If any impact is discovered, customers will be notified via established incident response and notification channels.
🕵️ THREAT INTELLIGENCE (30)
20 May | ISC.SANS.EDU | ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
20 May | HELPNETSECURITY.COM | 7 hard truths security pros should know: 2026 DevOps Threats Report
    In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your code (and business), you need security meas…
20 May | HELPNETSECURITY.COM | When your AI assistant has the keys to production
    Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediat…
20 May | GBHACKERS.COM | Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks
    A large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaini…
20 May | GBHACKERS.COM | DevilNFC Malware Traps Android Users in NFC Relay Attacks
    A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campai…
20 May | GBHACKERS.COM | Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages
    A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the…
20 May | GBHACKERS.COM | Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
    A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/dec…
20 May | HELPNETSECURITY.COM | Communicating cyber risk in dollars boards understand
    In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting…
20 May | GBHACKERS.COM | Void Botnet Leverages Ethereum for Resilient C2
    A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-langua…
20 May | THECYBERWIRE.COM | Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign
    In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, t…
20 May | LASTWATCHDOG.COM | GUEST ESSAY: AI can speed up communication, but it can also weaken human connection
    The first warning sign came on stage. I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have …
20 May | HELPNETSECURITY.COM | Darwinium updates mobile SDKs to detect remote access scam activity
    Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks.…
20 May | GBHACKERS.COM | Fake Tax Assessment Pages Spread Windows Malware
    Hackers are actively targeting Windows users with fake Indian Income Tax assessment pages in a campaign tracked as TAX#TRIDENT. The campaign begins with fraudulent tax assessment or penalty pages designed to create urgency. Victims are prompted to download what appears to be an o…
20 May | UNIT42.PALOALTONETWORKS.COM | Tracking TamperedChef Clusters via Certificate and Code Reuse
    Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets.
20 May | HELPNETSECURITY.COM | Trust3 AI focuses on AI agent risks with MCP Security layer
    Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governa…
20 May | GBHACKERS.COM | GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
    A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to governm…
20 May | INFOSECURITY-MAGAZINE.COM | China-Linked Webworm APT Evolves Tactics, Expands to European Targets
    China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
20 May | HELPNETSECURITY.COM | FBI: $388 million lost in crypto ATM scams in 2026
    Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds through these machines. Cryptocurrency kiosks, popularly known as Bitcoin ATMs, are physical automated teller machines tha…
20 May | HELPNETSECURITY.COM | Novata uses AI to map risk across portfolios and supply chains
    Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility: Risk Atlas provides a single, customizable fr…
20 May | SCHNEIER.COM | On AI Security
    Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT em…
20 May | THEHACKERNEWS.COM | Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
    Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by B…
20 May | KNOWBE4.COM | Report: Romance Scams Cost UK Victims £102 Million Last Year
    UK residents lost £102 million ($138 million US) to romance scams in 2025, according to a new report from the City of London Police.
20 May | YOUTUBE.COM | They Put Industrial Systems On Wi-Fi
    Doug White describes industrial control systems (ICS/OT) that were exposed online without password protection, including fuel tank gauge consoles such as the Veeder-Root TLS350 and TLS450 Plus. For years, many industrial environments relied on obscurity and isolation as informal …
20 May | YOUTUBE.COM | Block Everything By Default
    A Zero Trust Cloud Access model brokers connections to SaaS platforms through a controlled intermediary instead of exposing those services broadly to the internet. Instead of allowing access from anywhere, organizations can block all inbound access by default and permit only a ve…
20 May | ANY.RUN | How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
    Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real…
20 May | BLACKHILLSINFOSEC.COM | Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
    There is a certain kind of conversation that doesn’t get written up in a post-mortem, doesn’t generate a ticket, and never makes it into an end-of-quarter report. It happens on the margins—at a conference, in a hallway, or, in this case, at 30,000 feet above sea level. It’s the c…
20 May | CYBERINSIDER.COM | Tor launches crowdfunding campaign to support internet freedom projects
    The Tor Project has launched a new cryptocurrency-based crowdfunding initiative aimed at supporting internet freedom and privacy tools amid growing financial pressure on nonprofit digital rights organizations. The campaign introduces a Web3-focused funding model that uses quadrat…
20 May | CYBERINSIDER.COM | AI assistants can be hijacked and manipulated by inaudible sounds
    Hidden audio commands can hijack AI voice assistants and transcription tools without users hearing anything unusual, according to new research set to be presented at the IEEE Symposium on Security and Privacy next week. The study shows that carefully crafted audio clips can elici…
20 May | CYBERINSIDER.COM | Steam removes ‘Beyond The Dark’ horror game over malware reports
    A malicious game distributed through Steam has been removed from Valve’s platform after users discovered it was secretly harvesting player data and communicating with remote command-and-control infrastructure. The game, titled Beyond The Dark, masqueraded as a free indie horror t…
20 May | HELPNETSECURITY.COM | Webworm APT targets European government organizations with new backdoors
    ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations into Europe. ESET observed Webworm …
🌐 CYBER THREAT LANDSCAPE 5
20 May | Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem | AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquat… | THEHACKERNEWS.COM
20 May | Malicious TV boxes: how a cheap “SuperBox” turns your home into a proxy node for cybercriminals | Kaspersky official blog | A cheap Android TV box promising free subscriptions can easily become the backbone for cybercriminal botnets and proxy servers. We break down how these streaming boxes lease out your IP address, and how to choose a device that’s secure. | KASPERSKY.COM
20 May | Fake malware-signing service Fox Tempest dismantled by Microsoft | The service let malware authors sign malicious files with fraudulent Microsoft-issued certificates to bypass security checks. | MALWAREBYTES.COM
20 May | Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users | Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services | INFOSECURITY-MAGAZINE.COM
20 May | Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem | Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date | INFOSECURITY-MAGAZINE.COM
🎙️ PODCASTS 1
20 May | Building AI Content Systems That Actually Work with David Ebner of Content Workshop | David Ebner has been building content for security and tech brands for 13 years, and the work has changed significantly with the dawn of the AI content era. He comes back on the show to talk about what AI systems look like inside a marketing team, how they get built, and what ste… | THECYBERWIRE.COM
📡 INFOSEC NEWS 13
20 May | Weekly Threat Bulletin – May 20th, 2026 | These are the top threats you should know about this week. | F5.COM
20 May | Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds | A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data. | WIRED.COM
20 May | Researchers Warn CypherLoc Scareware Has Targeted Millions of Users | Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks | INFOSECURITY-MAGAZINE.COM
20 May | Firefox 151 packs big privacy upgrades into a small update | Firefox 151 adds major privacy improvements and fixes high-priority security vulnerabilities, making this an update you shouldn’t ignore. | MALWAREBYTES.COM
20 May | Agent AI is Coming. Are You Ready? | New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And … | THEHACKERNEWS.COM
20 May | AWS Security Hub Extended: Why enterprise security products should sell themselves | Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No… | AWS.AMAZON.COM
20 May | FTC warns 12 major tech firms of violating Take It Down Act | The law mandates that platforms make it easy for people to ask that nonconsensual intimate images be removed and to delete them within 48 hours of a request. | THERECORD.MEDIA
20 May | Discord migrates all users to end-to-end encryption by default | The move comes as other major social media platforms are killing end-to-end encryption for messaging. In recent months, Instagram and TikTok both announced they will no longer offer the feature. | THERECORD.MEDIA
20 May | Texas, Florida top list of states reporting millions of dollars lost through crypto ATMs | In most complaints, victims said they were given detailed information by fraudsters on how to take money from their bank account, where to find a cryptocurrency kiosk and how to send the funds. | THERECORD.MEDIA
20 May | A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer | Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025. | WIRED.COM
20 May | A Bipartisan Amendment Would End Police License Plate Tracking Nationwide | One line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection. | WIRED.COM
20 May | Cyber Pros Can't Decide If AI Is a Good or a Bad Thing | There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI. | DARKREADING.COM