🚨 CISA KEV (4)
21 May [KEV] Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
    Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (L…
    Source: HELPNETSECURITY.COM
21 May [KEV] Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
    A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud cr…
    Source: TENABLE.COM
21 May [KEV] Microsoft Defender vulnerabilities are being exploited in the wild
    CISA added seven known exploited vulnerabilities to its KEV catalog, including two Microsoft Defender flaws.
    Source: MALWAREBYTES.COM
21 May [KEV] U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
    U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploi…
    Source: SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (35)
21 May Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
    Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof…
    Source: CSOONLINE.COM
21 May Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
    Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV…
    Source: THEHACKERNEWS.COM
21 May CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
    Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-42959 Crash during DNSSEC validation of malicious content
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-44608 Use after free and crash under special conditions in RPZ code
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-41292 Long list of incoming EDNS options degrades performance
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-42534 Jostle logic bypass degrades resolution performance
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-40622 Another 'ghost domain names' attack variant
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
    Information published.
    Source: MSRC.MICROSOFT.COM
21 May Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
    A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account to full root access on man…
    Source: GBHACKERS.COM
21 May 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
    Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user…
    Source: THEHACKERNEWS.COM
21 May Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
    Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.…
    Source: GBHACKERS.COM
21 May [KEV] Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
    Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker…
    Source: THEHACKERNEWS.COM
21 May [KEV] Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
    Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially rel…
    Source: GBHACKERS.COM
21 May [KEV] CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)
    A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API that can be exploited by unauthentica…
    Source: TENABLE.COM
21 May Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
    Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems f…
    Source: SECURITYAFFAIRS.COM
21 May Unpatched ChromaDB flaw leaves servers open to remote code execution
    Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in Ch…
    Source: CSOONLINE.COM
21 May Critical vulnerability in Cisco Secure Workload rated at maximum severity
    A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data. “CSOs need to drop what they are do…
    Source: CSOONLINE.COM
21 May [KEV] Microsoft patches two zero-day flaws in Defender
    Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuabl…
    Source: CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (50)
21 May New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
    A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Thr…
    Source: GBHACKERS.COM
21 May Claude Code Sandbox Flaw May Compromise User Secrets
    A newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to bypass restrictions and exfiltrate sensitive data. The issue, identified by security researcher Aonan Guan, marks the seco…
    Source: GBHACKERS.COM
21 May Cyber threats push SMBs to spend more on security
    Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor se…
    Source: HELPNETSECURITY.COM
21 May PoC Released for PinTheft Linux Flaw Enabling Root Privilege Escalation
    A public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets a reference…
    Source: GBHACKERS.COM
21 May WantToCry Ransomware Exploits SMB to Encrypt Remote Files
    A new ransomware campaign named “WantToCry” that leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder …
    Source: GBHACKERS.COM
21 May Windows93 / Myspace93 - 46,105 breached accounts
    In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, userna…
    Source: HAVEIBEENPWNED.COM
21 May The friendly skies aren’t friendly.
    This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …
    Source: THECYBERWIRE.COM
21 May Why AI changed the threat model for travel technology
    In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconn…
    Source: HELPNETSECURITY.COM
21 May AI red teaming agents change how LLMs get tested
    Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks includ…
    Source: HELPNETSECURITY.COM
21 May Follow the Crypto
    Every threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. Jackie Burns Koven leads cyber threat intelligence at Chainalysis, where she tr…
    Source: THECYBERWIRE.COM
21 May Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
    The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromi…
    Source: GBHACKERS.COM
21 May Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
    An active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonst…
    Source: GBHACKERS.COM
21 May AI becoming an SOC imperative for curtailing emerging cyber threats
    The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Sur…
    Source: CSOONLINE.COM
21 May Terra adds continuous network exploitation validation to its platform
    Terra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure …
    Source: HELPNETSECURITY.COM
21 May Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
    A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examination…
    Source: GBHACKERS.COM
21 May ASAPP expands adversarial testing for enterprise AI systems
    ASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities i…
    Source: HELPNETSECURITY.COM
21 May New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
    A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, …
    Source: GBHACKERS.COM
21 May Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
    A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, whi…
    Source: GBHACKERS.COM
21 May A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
    GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
    Source: WIRED.COM
21 May Microsoft releases open-source tools to operationalize AI agent safety
    Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. …
    Source: CSOONLINE.COM
21 May Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
    A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source E…
    Source: GBHACKERS.COM
21 May Tenable One deepens third-party integrations with new Open Connector for unified risk visibility
    The days of rigid, vendor-locked security stacks are over. The Tenable One Open Connector amplifies Tenable One’s extensive capacity to ingest and consolidate third-party security data, giving you more complete visibility across your attack surface, so you can keep using your pre…
    Source: TENABLE.COM
21 May Europol dismantles ‘First VPN’ service used by ransomware gangs
    European law enforcement agencies have dismantled a long-running VPN service allegedly used by ransomware gangs and cybercriminals to conceal attacks, steal data, and evade investigators. The operation, coordinated by France and the Netherlands with support from Europol and Euroj…
    Source: CYBERINSIDER.COM
21 May ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
    This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it…
    Source: THEHACKERNEWS.COM
21 May Selective HTTP Proxying in Linux, (Thu, May 21st)
    Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific soft…
    Source: ISC.SANS.EDU
21 May Reducing Phish-Prone Rates Without Training Fatigue: A Practical Playbook for Traditional Organizations
    Phishing remains the single biggest human-driven threat in most organizations. Yet many security leaders face a familiar problem: the stronger the push to run frequent training and simulations, the louder the employee backlash. Complaints range from “too many tests” to “training …
    Source: KNOWBE4.COM
21 May Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
    "Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
    Source: DARKREADING.COM
21 May Content Delivery Exploit Opens Websites to Brand Hijacking
    The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
    Source: DARKREADING.COM
21 May Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
    The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the lat…
    Source: RAPID7.COM
21 May Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
    Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux…
    Source: THEHACKERNEWS.COM
21 May Cybersecurity’s Hidden Communication Risk
    Cybersecurity professionals often rely on acronyms and technical shorthand without realizing most people don’t understand them. The speaker connects this to a behavioral science concept called the “curse of experience” — experts naturally assume others share their knowledge. That…
    Source: YOUTUBE.COM
21 May UK plans for cybercrime law reform would protect almost no one, experts warn
    The proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability.
    Source: THERECORD.MEDIA
21 May Authorities dismantle First VPN, used by ransomware actors
    First VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. During the operation, French and Dutch authorities, with support from Europol and Eurojust, dismantled 33 s…
    Source: HELPNETSECURITY.COM
21 May [KEV] CISA asks cybersecurity community to alert it to vulnerability exploitation
    The agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible.
    Source: CYBERSECURITYDIVE.COM
21 May Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
    Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work b…
    Source: SECURITYAFFAIRS.COM
21 May macOS Kernel Memory Corruption Exploit
    A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article.
    Source: SCHNEIER.COM
21 May Robinhood Glitch Allowed Attackers to Send Phishing Emails to Customers
    A phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.
    Source: KNOWBE4.COM
21 May [KEV] Microsoft patches two actively exploited Defender vulnerabilities.
    Europol operation shutters First VPN. Ukrainian police identify suspected infostealer operator.
    Source: THECYBERWIRE.COM
21 May Trump Mobile exposes data of customers who ordered the T1 phone
    Trump Mobile, the wireless carrier and smartphone brand tied to US President Donald Trump, is reportedly exposing sensitive customer information through an easily exploitable flaw on its website. That is according to claims made by YouTubers Coffeezilla and penguinz0, both of who…
    Source: CYBERINSIDER.COM
21 May Microsoft open-sources tools for designing and testing AI agents
    Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that …
    Source: HELPNETSECURITY.COM
21 May CISA chief frets about open-source vulnerabilities, delayed security improvements
    Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration.
    Source: CYBERSCOOP.COM
21 May The art of being ungovernable
    In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.
    Source: TALOSINTELLIGENCE.COM
21 May Trump postpones executive order focused on AI security
    Under a draft executive order, the NSA, Treasury Department and other federal agencies would get 90-days to test new models for cybersecurity and national security concerns.
    Source: CYBERSCOOP.COM
21 May Global law enforcement operation takes First VPN offline
    Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews,…
    Source: SECURITYAFFAIRS.COM
21 May Law enforcement shuts down VPN service used by two dozen ransomware gangs
    First VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified.
    Source: TECHCRUNCH.COM
21 May That shield has cracks in it.
    Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly crit…
    Source: THECYBERWIRE.COM
21 May [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets
    GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,80…
    Source: KNOWBE4.COM
21 May FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
    In the security news this week: - FCC router bans and the hidden firmware update problem - Why extending support timelines actually improves security - Github supply chain concerns and the evolving SBOM ecosystem - CRA and NIS2 compliance deadlines are getting very real - The EU …
    Source: YOUTUBE.COM
21 May New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
    Verizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats.
    Source: TECHREPUBLIC.COM
21 May [KEV] EU’s 24-Hour Security Deadline
    The EU Cyber Resilience Act introduces a 24-hour disclosure requirement for actively exploited vulnerabilities affecting connected products sold in Europe. That includes hardware, firmware, submodules, and software dependencies. For many organizations, the challenge is not just p…
    Source: YOUTUBE.COM
📋 SECURITY BULLETINS (1)
21 May Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
    Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Wi…
    Source: GBHACKERS.COM
📢 SECURITY ADVISORIES (6)
21 May Mullvad confirms VPN fingerprinting flaw, says fix is on the way
    Mullvad has published an official advisory confirming a fingerprinting issue in its VPN infrastructure that could allow online services to probabilistically correlate users as they switch between VPN servers. The company says the flaw does not expose a user’s identity, but it can…
    Source: CYBERINSIDER.COM
21 May European authorities take down prolific cybercrime VPN service
    Officials arrested the alleged administrator of First VPN, seized its servers and domains. Europol said the service appeared in almost every major recent cybercrime investigation.
    Source: CYBERSCOOP.COM
21 May Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude
    Source: PROOFPOINT.COM
21 May DC court could provide potential resolution to Anthropic’s lawsuit.
    Poland adopts new cryptocurrency regulations.
    Source: THECYBERWIRE.COM
21 May Lawmakers from both parties say CISA cuts have gone too far
    Reps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing.
    Source: CYBERSCOOP.COM
21 May Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
    Jacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison.
    Source: CYBERSCOOP.COM
🔥 INCIDENT REPORTING (8)
21 May GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
    GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team r…
    Source: THEHACKERNEWS.COM
21 May Dragonica Lunaris - 126,293 breached accounts
    In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
    Source: HAVEIBEENPWNED.COM
21 May Grafana Labs Says Code Breach Stemmed from TanStack Attack
    Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
    Source: INFOSECURITY-MAGAZINE.COM
21 May GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
    GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal sec…
    Source: HELPNETSECURITY.COM
21 May GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
    A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
    Source: INFOSECURITY-MAGAZINE.COM
21 May Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
    The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security.
    Source: CYBERSECURITYDIVE.COM
21 May Cybercriminal VPN Dismantled in Europol Crackdown
    First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
    Source: INFOSECURITY-MAGAZINE.COM
21 May Defenders fall behind, as AI rewrites the rules of a data breach
    For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that's no longer the case. Read more in my article on the Fortra blog.
    Source: FORTRA.COM
🕵️ THREAT INTELLIGENCE (24)
21 May ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
    Source: ISC.SANS.EDU
21 May Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
    Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure. I have used Bitdefender Mobile Security for iOS for the last two years. It was easy to …
    Source: HELPNETSECURITY.COM
21 May Two U.S. Executives Plead Guilty in India-Based Tech Support Fraud Schemes
    Two U.S.-based business executives have pleaded guilty to their roles in enabling large-scale tech-support fraud operations linked to call centers in India, according to the U.S. Department of Justice. Adam Young, 42, former CEO of a telecommunications services company based in M…
    Source: GBHACKERS.COM
21 May BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
    A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.…
    Source: GBHACKERS.COM
21 May Most dark web activity revolves around a handful of topics
    Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an ecosystem where attention shifts quickly and new trends regularly replace old ones. A six-year dataset coverin…
    Source: HELPNETSECURITY.COM
21 May P2PInfect Botnet Targets Kubernetes via Exposed Redis
    A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to …
    Source: GBHACKERS.COM
21 May Riverbed introduces new Aternity tools for autonomous IT operations
    Riverbed has announced new capabilities for Aternity designed to support autonomous IT operations for digital experience management. The updates help digital workplace teams move toward prevention-focused operations through broader visibility, context-aware intelligence, and gove…
    Source: HELPNETSECURITY.COM
21 May Forward launches Predict to test network changes before deployment
    Forward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they …
    Source: HELPNETSECURITY.COM
21 May CTERA brings AI insights and automation for unstructured data
    CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven …
    Source: HELPNETSECURITY.COM
21 May Virtru centers file collaboration around data-level protection
    Virtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work together acros…
    Source: HELPNETSECURITY.COM
21 May Tenable Hexa AI automates remediation across attack surfaces
    Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (…
    Source: HELPNETSECURITY.COM
21 May TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
    A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findi…
    Source: GBHACKERS.COM
21 MayFake Microsoft Teams Downloads Spread ValleyRAT MalwareHackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and multi-stage execution techniques to evade detection. The campaign, first observed in mid-April on the X platform, uses fraudu…GBHACKERS.COM
21 MayThe readiness paradox: Why a false sense of cyber confidence is becoming a liabilityAs AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits.CYBERSCOOP.COM
21 MayDiscord Enables End-to-End Encryption by Default Across Voice and Video FeaturesDiscord has officially enabled end-to-end encryption (E2EE) by default for all voice and video communications across its platform, marking a significant shift in user privacy and secure communications. The announcement, made on May 18, 2026, confirms that every voice and video ca…GBHACKERS.COM
21 MayFitbit Air vs Pixel Watch 4: Which Should You Wear at Night?Fitbit Air offers $99 sleep-first tracking, Pixel Watch 4 pairing, and a cheaper Whoop alternative, but Google’s AI coaching remains unproven.TECHREPUBLIC.COM
21 MayGoogle Health 5.0 Brings New Fitbit App Design, AI Coach, and Android WidgetGoogle Health 5.0 replaces the Fitbit app with a redesigned layout, Gemini-powered coaching, a new Android widget, and retired Fitbit features.TECHREPUBLIC.COM
21 MayGoogle Brings a Long-Missing Apple Feature to AndroidGoogle’s Continue On in Android 17 lets users move supported tasks from phone to tablet, bringing Apple-like Handoff to Android devices soon.TECHREPUBLIC.COM
21 MayPermanent Jobs Fall in UK as Temporary Placements Rise: ReportUK permanent job placements fell in April while temporary hires rose due to economic uncertainty and global conflict, according to a new KPMG/REC report.TECHREPUBLIC.COM
21 MayHistoric SpaceX IPO Filing Reveals Starlink, AI, and Mars AmbitionsSpaceX’s IPO filing reveals Starlink’s revenue role, major AI spending, Starship costs, Musk’s control, and legal risks facing investors.TECHREPUBLIC.COM
21 MayGlucose Tracking Is Turning Into the Next Big Health Data PlatformGlucose tracking is moving beyond diabetes care as CGMs, AI platforms, and wearable sensors reshape personalized health data and wellness tools.TECHREPUBLIC.COM
21 MayProton Pass adds new protections for AI agents with account accessA new Proton Pass feature allows users to securely share credentials with AI agents via “AI access tokens,” aiming to reduce the security risks posed by autonomous AI tools accessing private accounts. The feature lets users grant AI agents limited, read-only access to selected cr…CYBERINSIDER.COM
21 MayGoogle “Won’t Fix” API key staying active for 23 mins after deletionDeleted Google API keys remain valid for up to 23 minutes after revocation, potentially allowing attackers to continue accessing Google Cloud services and Gemini data long after the credentials have been disabled. Google acknowledged the behavior following a report by Aikido, but…CYBERINSIDER.COM
21 MayBuild Custom, High-Impact Training with KnowBe4’s Content Creation AgentIn the world of security awareness training, a comprehensive library of relevant and engaging content is a necessity. But even the best training can feel limited when you need to talk about your specific VPN rules, a policy that changed this morning, or a novel threat uniquely ta…KNOWBE4.COM
🌐 CYBER THREAT LANDSCAPE 6
21 MayShifting Budget Dynamics for Identity Security and AI AgentsAI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.DARKREADING.COM
21 MayASCII art in phishing emails | Kaspersky official blogCybercriminals using ASCII art to create pseudographics QR codes with embedded phishing links.KASPERSKY.COM
21 MayCatch spyware in the act with Windows Webcam MonitoringKnow when a program tries to access your webcam so you can allow or block, in real time.MALWAREBYTES.COM
21 MayThree-Quarters of Firms Knowingly Ship Vulnerable CodeAI risks threaten to permeate supply chains through unvetted code and unaudited suppliersINFOSECURITY-MAGAZINE.COM
21 MayAI Agents Are Shifting Identity Security Budget DynamicsAI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.DARKREADING.COM
21 MayAlleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and CanadaCanadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the pa…KREBSONSECURITY.COM
🎙️ PODCASTS 1
21 MayWho’s responsible when AI starts making mistakes?With over two decades of experience spanning global CIO and CISO roles Sachin Jain has a perspective on accountability that goes well beyond the CISO's desk. In this episode, Sachin shares why AI governance is a shared responsibility across the organization, and offers practical …THECYBERWIRE.COM
📡 INFOSEC NEWS 16
21 MayScam ads, AI hallucinations, and legal implications.This week, Dave and Ben sit down to discuss two legal cases. The first case involves Santa Clara suing Meta over alleged scam ads. The second story looks at a now dismissed case where the lawyers could potentially face consequences for allegedly using fake AI citations in their f…THECYBERWIRE.COM
21 MayThe EU Is Going Through a Trump-Fueled Breakup With Big TechFrance is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit.WIRED.COM
21 MayDiscord adds end-to-end encryption to voice and video calls by defaultDiscord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption…SECURITYAFFAIRS.COM
21 MayWhen Identity is the Attack PathConsider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily …THEHACKERNEWS.COM
21 MayResearchers left AI agents alone in a virtual town and watched it all unravelTold not to commit crimes, the AI agents mostly did anyway. Arson, violence, romance, self-deletion, and general chaos quickly ensued.MALWAREBYTES.COM
21 MayScammers are abusing an internal Microsoft account to send spam linksThe loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.TECHCRUNCH.COM
21 MayTikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safetyOfcom says TikTok and YouTube are "not safe enough" for children, but simply adding stricter age checks is not the answer.MALWAREBYTES.COM
21 MayNine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password HashesQualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locallyINFOSECURITY-MAGAZINE.COM
21 MayAutomating identity lifecycle and security with AWS Directory Service APIsManaging identities and access across complex environments has become more critical than ever. AWS Directory Service for Managed Microsoft Active Directory, also known as AWS Managed Microsoft AD, has added new capabilities to manage users and groups. Now, you can perform create,…AWS.AMAZON.COM
21 MayTwo Americans plead guilty to assisting India-based tech support scam centersAdam Young, 42, and Harrison Gevirtz, 33, pleaded guilty to misprision of a felony after they were accused of offering phone numbers, call routing services, call tracking tools and call forwarding services to India-based telemarketing fraudsters.THERECORD.MEDIA
21 MayApple Blocks Over 2 Million Apps in 2025 Fraud CrackdownApple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple’s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes into keeping the App Store cl…SECURITYAFFAIRS.COM
21 MayAWS KY3P report now available for third-party supplier due diligenceWe’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Custome…AWS.AMAZON.COM
21 MayTech giants promise British regulator they will tweak platforms to protect kids onlineThe regulator, Ofcom, had required Roblox, Snapchat, Instagram, Facebook, YouTube and TikTok to answer questions about their efforts to remove harmful algorithms, check kids’ ages and protect them from sexual predators by the end of April.THERECORD.MEDIA
21 MayGoogle API Keys Remain Active After DeletionA security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate.DARKREADING.COM
21 May‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC SaysThree firms will pay nearly $1 million for selling “Active Listening” technology that they claimed tapped people’s phones for advertising. The FTC alleges the “tech” was just pricey email lists.WIRED.COM
21 MayHow CISOs Should Prep for Agentic-Ready AI BOMsFinding ways to document both component and execution attributes for AI bill of materials (AI BOM).DARKREADING.COM