MATLOCK.CA
147Articles
10Categories
2026-05-21Date
๐Ÿšจ
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (Lโ€ฆ
KEVHELPNETSECURITY.COM — 21 May 2026
๐Ÿšจ
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaignA self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud crโ€ฆ
KEVTENABLE.COM — 21 May 2026
๐Ÿšจ
Microsoft Defender vulnerabilities are being exploited in the wildCISA added seven known exploited vulnerabilities to its KEV catalog, including two Microsoft Defender flaws.
KEVMALWAREBYTES.COM — 21 May 2026
๐Ÿšจ
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploiโ€ฆ
KEVSECURITYAFFAIRS.COM — 21 May 2026
๐Ÿ›
Microsoft is working on a patch for โ€˜YellowKeyโ€™ attack on Bitlocker, offers temporary fix
CSOONLINE.COM — 21 May 2026
๐Ÿ›
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
THEHACKERNEWS.COM — 21 May 2026
๐Ÿ›
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-32792 Packet of death with DNSCrypt
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-42959 Crash during DNSSEC validation of malicious content
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-41292 Long list of incoming EDNS options degrades performance
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-42534 Jostle logic bypass degrades resolution performance
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-40622 Another 'ghost domain names' attack variant
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
CVE-2026-45736 ws: Uninitialized memory disclosure
MSRC.MICROSOFT.COM — 21 May 2026
๐Ÿ›
Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
GBHACKERS.COM — 21 May 2026
๐Ÿ›
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
THEHACKERNEWS.COM — 21 May 2026
๐Ÿ›
Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
GBHACKERS.COM — 21 May 2026
๐Ÿ›
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
KEVTHEHACKERNEWS.COM — 21 May 2026
๐Ÿ›
Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
KEVGBHACKERS.COM — 21 May 2026
๐Ÿ›
CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)
KEVTENABLE.COM — 21 May 2026
๐Ÿ›
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
SECURITYAFFAIRS.COM — 21 May 2026
๐Ÿ›
Unpatched ChromaDB flaw leaves servers open to remote code execution
CSOONLINE.COM — 21 May 2026
โš ๏ธ
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Claude Code Sandbox Flaw May Compromise User Secrets
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Cyber threats push SMBs to spend more on security
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
PoC Released for PinTheft Linux Flaw Enabling Root Privilege Escalation
GBHACKERS.COM — 21 May 2026
โš ๏ธ
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Windows93 / Myspace93 - 46,105 breached accounts
HAVEIBEENPWNED.COM — 21 May 2026
โš ๏ธ
The friendly skies arenโ€™t friendly.
THECYBERWIRE.COM — 21 May 2026
โš ๏ธ
Why AI changed the threat model for travel technology
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
AI red teaming agents change how LLMs get tested
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
Follow the Crypto
THECYBERWIRE.COM — 21 May 2026
โš ๏ธ
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
GBHACKERS.COM — 21 May 2026
โš ๏ธ
AI becoming an SOC imperative for curtailing emerging cyber threats
CSOONLINE.COM — 21 May 2026
โš ๏ธ
Terra adds continuous network exploitation validation to its platform
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
GBHACKERS.COM — 21 May 2026
โš ๏ธ
ASAPP expands adversarial testing for enterprise AI systems
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
New NGINX 0-Day RCE โ€œnginx-poolslipโ€ Threatens Millions of Servers
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
GBHACKERS.COM — 21 May 2026
โš ๏ธ
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
WIRED.COM — 21 May 2026
โš ๏ธ
Microsoft releases open-source tools to operationalize AI agent safety
CSOONLINE.COM — 21 May 2026
โš ๏ธ
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
GBHACKERS.COM — 21 May 2026
โš ๏ธ
Tenable One deepens third-party integrations with new Open Connector for unified risk visibility
TENABLE.COM — 21 May 2026
โš ๏ธ
Europol dismantles โ€˜First VPNโ€™ service used by ransomware gangs
CYBERINSIDER.COM — 21 May 2026
โš ๏ธ
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
THEHACKERNEWS.COM — 21 May 2026
โš ๏ธ
Selective HTTP Proxying in Linux, (Thu, May 21st)
ISC.SANS.EDU — 21 May 2026
โš ๏ธ
Reducing Phish-Prone Rates Without Training Fatigue: A Practical Playbook for Traditional Organizations
KNOWBE4.COM — 21 May 2026
โš ๏ธ
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
DARKREADING.COM — 21 May 2026
โš ๏ธ
Content Delivery Exploit Opens Websites to Brand Hijacking
DARKREADING.COM — 21 May 2026
โš ๏ธ
Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
RAPID7.COM — 21 May 2026
โš ๏ธ
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
THEHACKERNEWS.COM — 21 May 2026
โš ๏ธ
Cybersecurityโ€™s Hidden Communication Risk
YOUTUBE.COM — 2026-05-21
โš ๏ธ
UK plans for cybercrime law reform would protect almost no one, experts warn
THERECORD.MEDIA — 21 May 2026
โš ๏ธ
Authorities dismantle First VPN, used by ransomware actors
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
CISA asks cybersecurity community to alert it to vulnerability exploitation
KEVCYBERSECURITYDIVE.COM — 21 May 2026
โš ๏ธ
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
SECURITYAFFAIRS.COM — 21 May 2026
โš ๏ธ
macOS Kernel Memory Corruption Exploit
SCHNEIER.COM — 2026-05-21
โš ๏ธ
Robinhood Glitch Allowed Attackers to Send Phishing Emails to Customers
KNOWBE4.COM — 21 May 2026
โš ๏ธ
Microsoft patches two actively exploited Defender vulnerabilities.
KEVTHECYBERWIRE.COM — 21 May 2026
โš ๏ธ
Trump Mobile exposes data of customers who ordered the T1 phone
CYBERINSIDER.COM — 21 May 2026
โš ๏ธ
Microsoft open-sources tools for designing and testing AI agents
HELPNETSECURITY.COM — 21 May 2026
โš ๏ธ
CISA chief frets about open-source vulnerabilities, delayed security improvements
CYBERSCOOP.COM — 21 May 2026
โš ๏ธ
The art of being ungovernable
TALOSINTELLIGENCE.COM — 21 May 2026
โš ๏ธ
Trump postpones executive order focused on AI security
CYBERSCOOP.COM — 21 May 2026
โš ๏ธ
Global law enforcement operation takes First VPN offline
SECURITYAFFAIRS.COM — 21 May 2026
โš ๏ธ
Law enforcement shuts down VPN service used by two dozen ransomware gangs
TECHCRUNCH.COM — 21 May 2026
โš ๏ธ
That shield has cracks in it.
THECYBERWIRE.COM — 21 May 2026
โš ๏ธ
[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets
KNOWBE4.COM — 21 May 2026
โš ๏ธ
FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
YOUTUBE.COM — 2026-05-21
โš ๏ธ
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ“‹
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
GBHACKERS.COM — 21 May 2026
๐Ÿ“ข
Mullvad confirms VPN fingerprinting flaw, says fix is on the way
CYBERINSIDER.COM — 21 May 2026
๐Ÿ“ข
European authorities take down prolific cybercrime VPN service
CYBERSCOOP.COM — 21 May 2026
๐Ÿ“ข
Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude
PROOFPOINT.COM — 21 May 2026
๐Ÿ“ข
DC court could provide potential resolution to Anthropicโ€™s lawsuit.
THECYBERWIRE.COM — 21 May 2026
๐Ÿ“ข
Lawmakers from both parties say CISA cuts have gone too far
CYBERSCOOP.COM — 21 May 2026
๐Ÿ”ฅ
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
THEHACKERNEWS.COM — 21 May 2026
๐Ÿ”ฅ
Dragonica Lunaris - 126,293 breached accounts
HAVEIBEENPWNED.COM — 21 May 2026
๐Ÿ”ฅ
Grafana Labs Says Code Breach Stemmed from TanStack Attack
INFOSECURITY-MAGAZINE.COM — 21 May 2026
๐Ÿ”ฅ
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ”ฅ
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
INFOSECURITY-MAGAZINE.COM — 21 May 2026
๐Ÿ”ฅ
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
CYBERSECURITYDIVE.COM — 21 May 2026
๐Ÿ”ฅ
Cybercriminal VPN Dismantled in Europol Crackdown
INFOSECURITY-MAGAZINE.COM — 21 May 2026
๐Ÿ”ฅ
Defenders fall behind, as AI rewrites the rules of a data breach
FORTRA.COM — 21 May 2026
๐Ÿ•ต๏ธ
ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
ISC.SANS.EDU — 21 May 2026
๐Ÿ•ต๏ธ
Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
Two U.S. Executives Plead Guilty in India-Based Tech Support Fraud Schemes
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
Most dark web activity revolves around a handful of topics
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
P2PInfect Botnet Targets Kubernetes via Exposed Redis
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
Riverbed introduces new Aternity tools for autonomous IT operations
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
Forward launches Predict to test network changes before deployment
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
CTERA brings AI insights and automation for unstructured data
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
Virtru centers file collaboration around data-level protection
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
Tenable Hexa AI automates remediation across attack surfaces
HELPNETSECURITY.COM — 21 May 2026
๐Ÿ•ต๏ธ
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
Fake Microsoft Teams Downloads Spread ValleyRAT Malware
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
CYBERSCOOP.COM — 21 May 2026
๐Ÿ•ต๏ธ
Discord Enables End-to-End Encryption by Default Across Voice and Video Features
GBHACKERS.COM — 21 May 2026
๐Ÿ•ต๏ธ
Fitbit Air vs Pixel Watch 4: Which Should You Wear at Night?
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Google Health 5.0 Brings New Fitbit App Design, AI Coach, and Android Widget
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Google Brings a Long-Missing Apple Feature to Android
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Permanent Jobs Fall in UK as Temporary Placements Rise: Report
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Historic SpaceX IPO Filing Reveals Starlink, AI, and Mars Ambitions
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Glucose Tracking Is Turning Into the Next Big Health Data Platform
TECHREPUBLIC.COM — 21 May 2026
๐Ÿ•ต๏ธ
Proton Pass adds new protections for AI agents with account access
CYBERINSIDER.COM — 21 May 2026
๐Ÿ•ต๏ธ
Google โ€œWonโ€™t Fixโ€ API key staying active for 23 mins after deletion
CYBERINSIDER.COM — 21 May 2026
๐Ÿ•ต๏ธ
Build Custom, High-Impact Training with KnowBe4โ€™s Content Creation Agent
KNOWBE4.COM — 21 May 2026
๐ŸŒ
Shifting Budget Dynamics for Identity Security and AI Agents
DARKREADING.COM — 21 May 2026
๐ŸŒ
ASCII art in phishing emails | Kaspersky official blog
KASPERSKY.COM — 21 May 2026
๐ŸŒ
Catch spywareย inย the actย with Windows Webcam Monitoring
MALWAREBYTES.COM — 21 May 2026
๐ŸŒ
Three-Quarters of Firms Knowingly Ship Vulnerable Code
INFOSECURITY-MAGAZINE.COM — 21 May 2026
๐ŸŒ
AI Agents Are Shifting Identity Security Budget Dynamics
DARKREADING.COM — 21 May 2026
๐ŸŒ
Alleged Kimwolf Botmaster โ€˜Dortโ€™ Arrested, Charged in U.S. and Canada
KREBSONSECURITY.COM — 21 May 2026
๐ŸŽ™๏ธ
Whoโ€™s responsible when AI starts making mistakes?
THECYBERWIRE.COM — 21 May 2026
๐Ÿ“ก
Scam ads, AI hallucinations, and legal implications.
THECYBERWIRE.COM — 21 May 2026
๐Ÿ“ก
The EU Is Going Through a Trump-Fueled Breakup With Big Tech
WIRED.COM — 21 May 2026
๐Ÿ“ก
Discord adds end-to-end encryption to voice and video calls by default
SECURITYAFFAIRS.COM — 21 May 2026
๐Ÿ“ก
When Identity is the Attack Path
THEHACKERNEWS.COM — 21 May 2026
๐Ÿ“ก
Researchers left AI agents alone in a virtual town and watched it all unravel
MALWAREBYTES.COM — 21 May 2026
๐Ÿ“ก
Scammers are abusing an internal Microsoft account to send spam links
TECHCRUNCH.COM — 21 May 2026
๐Ÿ“ก
TikTok, YouTube, and Roblox face scrutiny, but age gates wonโ€™t fix child safety
MALWAREBYTES.COM — 21 May 2026
๐Ÿ“ก
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
INFOSECURITY-MAGAZINE.COM — 21 May 2026
๐Ÿ“ก
Automating identity lifecycle and security with AWS Directory Service APIs
AWS.AMAZON.COM — 21 May 2026
๐Ÿ“ก
Two Americans plead guilty to assisting India-based tech support scam centers
THERECORD.MEDIA — 21 May 2026
๐Ÿ“ก
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
SECURITYAFFAIRS.COM — 21 May 2026
๐Ÿ“ก
AWS KY3P report now available for third-party supplier due diligence
AWS.AMAZON.COM — 21 May 2026
๐Ÿ“ก
Tech giants promise British regulator they will tweak platforms to protect kids online
THERECORD.MEDIA — 21 May 2026
๐Ÿ“ก
Google API Keys Remain Active After Deletion
DARKREADING.COM — 21 May 2026
๐Ÿ“ก
โ€˜Creepyโ€™ Listening Tool for Targeted Ads Didnโ€™t Actually Work, FTC Says
WIRED.COM — 21 May 2026
๐Ÿ“ก
How CISOs Should Prep for Agentic-Ready AI BOMs
DARKREADING.COM — 21 May 2026