🚨 CISA KEV 4[−]
22 May [KEV] CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are list…
THEHACKERNEWS.COM
22 May [KEV] CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit v…
HELPNETSECURITY.COM
22 May [KEV] U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws …
SECURITYAFFAIRS.COM
22 May [KEV] CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks and urging immediate remediation. The vulnerabilit…
GBHACKERS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 20[−]
22 May Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authe…
THEHACKERNEWS.COM
22 May [KEV] CISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in Attacks
CISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micr…
GBHACKERS.COM
22 May CVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-43494 net/rds: reset op_nents when zerocopy page pin fails
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Information published.
MSRC.MICROSOFT.COM
22 May [KEV] CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities
CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45…
GBHACKERS.COM
22 May CVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit test
Information published.
MSRC.MICROSOFT.COM
22 May CVE-2024-41023 sched/deadline: Fix task_struct reference leak
Information published.
MSRC.MICROSOFT.COM
22 May Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.
SECURITYWEEK.COM
22 May Metasploit Wrap Up 05/22/2026
Another week, another authentication bypass Our humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/cisco_sdwan_vhub_auth_bypass module for…
RAPID7.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
22 May Mini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokens
npm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invali…
GBHACKERS.COM
22 May Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories
A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections h…
GBHACKERS.COM
22 May FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins
The U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the p…
GBHACKERS.COM
22 May Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
Google is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec. Months after introducing CodeMender, an AI-powered agent designed to autonomou…
CSOONLINE.COM
22 May Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterpri…
GBHACKERS.COM
22 May Identity as the primary attack surface: What modern breaches are really exploiting
The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion dete…
CSOONLINE.COM
22 May Hackers Use Six-Layer Persistence on FreePBX Systems
Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation depl…
GBHACKERS.COM
22 May Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to th…
CSOONLINE.COM
22 May Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.
UNIT42.PALOALTONETWORKS.COM
22 May GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support
GitLab released GitLab 19.0 with expanded secrets management, agentic merge request workflows, improved CI pipeline visibility, support for self-hosted open-source models, and supply chain visibility enhancements. Engineering organizations shipping more code than ever are confron…
HELPNETSECURITY.COM
22 May Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access
Russian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and sophisticated social engineering to gain initial access to targeted networks across government, critical infra…
GBHACKERS.COM
22 May Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering‑hole site delivering a Coruna‑class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a deliver…
GBHACKERS.COM
22 May We hardened zizmor's GitHub Actions static analyzer
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor LiteLLM on PyPI (see Trivy’s post-mortem for the full timeline…
TRAILOFBITS.COM
22 May Kore.ai unveils AI-native platform for enterprise multiagent systems
Kore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with…
HELPNETSECURITY.COM
22 May Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipelin…
THEHACKERNEWS.COM
22 May Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exp…
THEHACKERNEWS.COM
22 May Update Chrome now: Critical bugs could let attackers run code
This Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.
MALWAREBYTES.COM
22 May Hackers Exploit Middle East Telecoms for Massive C2 Operations
Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing d…
GBHACKERS.COM
22 May Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more …
GBHACKERS.COM
22 May Canadian arrested for operating KimWolf botnet tied to record DDoS attack
Canadian authorities have arrested a 23-year-old Ottawa man who is accused of operating the DDoS-for-hire KimWolf IoT botnet platform. The arrest follows a broader international law enforcement operation earlier this year that dismantled infrastructure tied to the KimWolf, Aisuru…
CYBERINSIDER.COM
22 May $20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the se…
HELPNETSECURITY.COM
22 May [KEV] President Trump delays signing of AI executive order.
CISA warns of actively exploited Trend Micro and Langflow vulnerabilities. Two Americans admit to participation in tech support scam operations.
THECYBERWIRE.COM
22 May Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Rus…
CSOONLINE.COM
22 May Breaking down the new Qualcomm chip vulnerability | Kaspersky official blog
Kaspersky experts have discovered an unpatchable vulnerability in popular Qualcomm chips used in smartphones, cars, smart devices, industrial equipment, and much more. We explain what this vulnerability is and what device owners should do.
KASPERSKY.COM
22 May FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturi…
CSOONLINE.COM
22 May Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
Microsoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories.
MICROSOFT.COM
22 May FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate "OAuth" tokens enabling widespread access to Microsoft 365 environments.
THERECORD.MEDIA
22 May AI Deleted Production Code
A developer claimed that an AI coding assistant deleted roughly 30,000 lines of production code while modifying a live application. According to the story, the AI introduced unrelated changes, broke core functionality, and forced the team to roll the entire deployment back. The c…
YOUTUBE.COM
📢 SECURITY ADVISORIES 7[−]
22 May Suspected KimWolf botnet admin arrested over DDoS-for-hire operation
U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million devices worldwide. Jacob Butler, 23, of Ottawa, Canada, also known online as “Dort,” was arr…
HELPNETSECURITY.COM
22 May Versa extends zero trust principles to AI agents and MCP workflows
Versa has introduced a patent-pending zero trust architecture for the Model Context Protocol (MCP), applying zero trust principles to AI execution. The company said every AI-generated action is validated against user identity, role-based access controls, and system policies befor…
HELPNETSECURITY.COM
22 May CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Se…
SCHNEIER.COM
22 May Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Age…
CSOONLINE.COM
22 May Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets o…
KREBSONSECURITY.COM
22 May Proton VPN vows to resist Canadian surveillance demands under Bill C-22
Proton VPN General Manager David Peterson said the Swiss-based VPN provider will not comply with any Canadian surveillance demands stemming from the country’s proposed lawful access legislation, Bill C-22, pledging to challenge the law “by every means available.” In a statement p…
CYBERINSIDER.COM
22 May Too many cooks in the algorithm.
Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The U.S. pours billions into quantum computing. Researchers uncover delayed Google A…
THECYBERWIRE.COM
🔥 INCIDENT REPORTING 13[−]
22 May Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Authorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal groups to conceal their activities. The coordinated operation, led by French and Dutch authorities with support from Eurojust a…
GBHACKERS.COM
22 May Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging,…
GBHACKERS.COM
22 May Operation Dragon Whistle Targets Changzhou University with Malicious LNK Files
A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as…
GBHACKERS.COM
22 May Google API Key Issue Allows Deleted Keys to Retain Access to Cloud Services
Google Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain unauthorized access to cloud services even after credentials are revoked. Google API Deleted Keys to Retain Access Security…
GBHACKERS.COM
22 May Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.
SECURELIST.COM
22 May Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at…
HELPNETSECURITY.COM
22 May AI Alone Won’t Stop the Breach: Why Email Security Needs Humans-on-the-Loop
2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.
KNOWBE4.COM
22 May Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
DARKREADING.COM
22 May Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities included targeting internet-connected cameras, co…
RESEARCH.CHECKPOINT.COM
22 May Kash Patel’s clothing brand website shut down after reports it was hacked
According to users on X, the website was hijacked by hackers in an attempt to trick visitors into installing malware.
TECHCRUNCH.COM
22 May McDonald’s France resets accounts after customer data breach
McDonald’s France has confirmed that attackers accessed customer loyalty account information after a breach affecting partners tied to its McDo+ rewards program. The incident led to widespread fraud in which stolen loyalty points were reportedly used to place unauthorized food or…
CYBERINSIDER.COM
22 May Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. [...]
BLEEPINGCOMPUTER.COM
22 May First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Servic…
THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 27[−]
22 May ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU
22 May Flipper Introduces Flipper One as a Modular Linux-Based Cyberdeck
Flipper Devices has officially unveiled Flipper One, a modular, Linux-based cyberdeck designed to push the boundaries of open hardware and portable network analysis platforms. Unlike the popular Flipper Zero, the new device targets high-performance networking, software-defin…
GBHACKERS.COM
22 May The new economics of fraud: Cheaper, faster, more convincing
Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves…
HELPNETSECURITY.COM
22 May New infosec products of the week: May 22, 2026
Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI. Babel Street targets AI-driven threats with new agentic investigation capabilities Babel Street has launched Insights Investiga…
HELPNETSECURITY.COM
22 May Cross-Platform NPM Stealer, (Fri, May 22nd)
I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformatted). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c260…
ISC.SANS.EDU
22 May Hackers Hide Malware in Nested macOS-Style Folders to Evade Scans
Hackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures can be abused to evade detection while deploying advanced malware. The phishing email carries a ZIP attachment named “常州大学20…
GBHACKERS.COM
22 May One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io…
SECURITYAFFAIRS.COM
22 May Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT
Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused …
GBHACKERS.COM
22 May Android Malware Secretly Signs Users Up for Premium Services
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What make…
GBHACKERS.COM
22 May Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and …
HELPNETSECURITY.COM
22 May Meet Fractal, an OS made for microarchitecture reverse engineering
Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they were trying to hold still. Fractal, a new operating system from MIT CSAIL, was …
HELPNETSECURITY.COM
22 May Proton Pass adds monitored credential sharing for AI agents
Proton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and monitor activity. To gain access, an agent must provide a reason for the request so users can see what ac…
HELPNETSECURITY.COM
22 May World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat landscape than initially reported. What began as a cluster of 79 malicious domains has now evolved into a distributed phis…
GBHACKERS.COM
22 May Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is s…
HELPNETSECURITY.COM
22 May Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns.
UNIT42.PALOALTONETWORKS.COM
22 May Shadow AI Is Old Security Debt
The discussion argues that “shadow AI” is really just the latest version of shadow IT — employees sending sensitive data to tools outside official security oversight. The same concerns once tied to Dropbox and cloud apps are now appearing with AI systems like ChatGPT. Unlike trad…
YOUTUBE.COM
22 May Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Companies, particularly those in the affected industries, should harden their defenses against impersonation schemes, Palo Alto Networks said.
CYBERSECURITYDIVE.COM
22 May New York regulator calls for additional cyber mitigation amid heightened threat environment
The guidance from the state Department of Financial Services arises from concerns about frontier AI and threats linked to the Iran war and other geopolitical risks.
CYBERSECURITYDIVE.COM
22 May How Agentic AI and Automation Are Changing Cybersecurity
There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot matc…
KNOWBE4.COM
22 May NordVPN wins early court victory against LaLiga’s VPN blocking campaign
A Spanish court has rejected LaLiga’s request to fine NordVPN over alleged failures to comply with a controversial anti-piracy blocking order. The decision was issued on May 19, 2026, by the Commercial Court of Córdoba, which dismissed LaLiga’s petition seeking coercive penalties…
CYBERINSIDER.COM
22 May Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activi…
THEHACKERNEWS.COM
22 May Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth.
MICROSOFT.COM
22 May Telegram’s MTProto protocol leaks persistent identifiers enabling user tracking
A newly published technical review of Telegram’s MTProto protocol warns that the messaging platform exposes persistent device identifiers to passive network observers, potentially allowing users to be tracked across networks, locations, and sessions without breaking Telegram’s en…
CYBERINSIDER.COM
22 May From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender det…
MICROSOFT.COM
22 May FBI warns about fast-growing phishing kit targeting Microsoft 365 users
Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications.
CYBERSCOOP.COM
22 May Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
SCHNEIER.COM
22 May TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-583
YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
22 May Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses re…
THEHACKERNEWS.COM
22 May Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collects a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
INFOSECURITY-MAGAZINE.COM
22 May Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botn…
SECURITYAFFAIRS.COM
22 May Canadian man arrested, charged for running KimWolf DDoS botnet
In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide.
THERECORD.MEDIA
22 May Former US execs plead guilty to aiding tech support scammers
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]
BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 7[−]
22 May China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
DARKREADING.COM
22 May Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
INFOSECURITY-MAGAZINE.COM
22 May Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses
President Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform, and was evaluating whether it needs to notify customers.
TECHCRUNCH.COM
22 May Why the Supreme Court's Chatrie case could change the meaning of privacy in America
Lawyer Adam Unikowsky spoke with Recorded Future News about why he believes geofence searches are problematic and why the way the court rules could have a dramatic impact on Americans’ right to privacy.
THERECORD.MEDIA
22 May Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.
DARKREADING.COM
22 May The Coverage Gap: Why Your Blocklist Is Missing 119,000 Malicious IPs Today
GreyNoise compared 119,842 malicious IPs against 11 major threat feeds. The average coverage: just 2%, exposing the limits of static blocklists.
GREYNOISE.IO
22 May Meta settles school district lawsuit claiming addictive design harmed students' mental health
The bellwether lawsuit was the first of at least 1,200 to be brought by a school district against Meta, Snap, YouTube and TikTok for similar alleged harms. The other cases have not yet been tried.
THERECORD.MEDIA