https://matlock.ca/cybersecnews/ Cybersecurity news aggregated from 94 sources en-us Thu, 21 May 2026 13:01:08 -0300 https://www.helpnetsecurity.com/2026/05/21/microsoft-defender-vulnerabilities-cve-2026-41091-cve-2026-45498/ https://www.helpnetsecurity.com/2026/05/21/microsoft-defender-vulnerabilities-cve-2026-41091-cve-2026-45498/ Thu, 21 May 2026 10:57:13 +0000 CISA KEV Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (L… https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions Thu, 21 May 2026 11:28:22 -0400 CISA KEV A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud cr… https://www.csoonline.com/article/4175411/microsoft-is-working-on-a-patch-for-yellowkey-attack-on-bitlocker-offers-temporary-fix-2.html https://www.csoonline.com/article/4175411/microsoft-is-working-on-a-patch-for-yellowkey-attack-on-bitlocker-offers-temporary-fix-2.html Thu, 21 May 2026 01:08:41 +0000 Common Vulnerabilities and Exposures Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof… https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html Thu, 21 May 2026 09:14:11 +0530 Common Vulnerabilities and Exposures Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV… https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Thu, 21 May 2026 07:00:00 -0700 Common Vulnerabilities and Exposures Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43619 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43619 Thu, 21 May 2026 01:01:17 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43618 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43618 Thu, 21 May 2026 01:01:23 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43620 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43620 Thu, 21 May 2026 01:01:28 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47784 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47784 Thu, 21 May 2026 01:01:53 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47783 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47783 Thu, 21 May 2026 01:01:59 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32792 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32792 Thu, 21 May 2026 01:02:10 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42960 Thu, 21 May 2026 01:02:16 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42959 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42959 Thu, 21 May 2026 01:02:21 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44608 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44608 Thu, 21 May 2026 01:02:27 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33278 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33278 Thu, 21 May 2026 01:02:32 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42923 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42923 Thu, 21 May 2026 01:02:54 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45803 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45803 Thu, 21 May 2026 01:03:11 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43970 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43970 Thu, 21 May 2026 01:03:23 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43617 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43617 Thu, 21 May 2026 01:01:34 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45232 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45232 Thu, 21 May 2026 01:01:40 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29518 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29518 Thu, 21 May 2026 01:02:04 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41292 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41292 Thu, 21 May 2026 01:02:38 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42534 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42534 Thu, 21 May 2026 01:02:43 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40622 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40622 Thu, 21 May 2026 01:02:49 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42944 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42944 Thu, 21 May 2026 01:03:00 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44390 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44390 Thu, 21 May 2026 01:03:06 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45736 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45736 Thu, 21 May 2026 01:03:17 -0700 Common Vulnerabilities and Exposures Information published. https://gbhackers.com/nine-year-old-kernel-flaw/ https://gbhackers.com/nine-year-old-kernel-flaw/ Thu, 21 May 2026 07:10:25 +0000 Common Vulnerabilities and Exposures A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account to full root access on man… https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html Thu, 21 May 2026 13:05:53 +0530 Common Vulnerabilities and Exposures Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user… https://gbhackers.com/critical-vulnerability-in-cisco-secure-workload/ https://gbhackers.com/critical-vulnerability-in-cisco-secure-workload/ Thu, 21 May 2026 09:13:21 +0000 Common Vulnerabilities and Exposures Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.… https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html Thu, 21 May 2026 16:25:57 +0530 Common Vulnerabilities and Exposures Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker… https://gbhackers.com/microsoft-defender-zero-day-vulnerabilities/ https://gbhackers.com/microsoft-defender-zero-day-vulnerabilities/ Thu, 21 May 2026 11:32:23 +0000 Common Vulnerabilities and Exposures Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially rel… https://www.tenable.com/blog/cve-2026-9082-highly-critical-sql-injection-vulnerability-in-drupal-core-sa-core-2026-004 https://www.tenable.com/blog/cve-2026-9082-highly-critical-sql-injection-vulnerability-in-drupal-core-sa-core-2026-004 Thu, 21 May 2026 09:25:37 -0400 Common Vulnerabilities and Exposures A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API that can be exploited by unauthentica… https://securityaffairs.com/192473/security/cisco-fixed-maximum-severity-flaw-cve-2026-20223-in-secure-workload.html https://securityaffairs.com/192473/security/cisco-fixed-maximum-severity-flaw-cve-2026-20223-in-secure-workload.html Thu, 21 May 2026 13:22:17 +0000 Common Vulnerabilities and Exposures Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems f… https://gbhackers.com/new-ghosttree-attack-causes-edr-tools/ https://gbhackers.com/new-ghosttree-attack-causes-edr-tools/ Thu, 21 May 2026 04:54:28 +0000 Vulnerability Disclosure A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Thr… https://gbhackers.com/claude-code-sandbox-flaw/ https://gbhackers.com/claude-code-sandbox-flaw/ Thu, 21 May 2026 04:35:22 +0000 Vulnerability Disclosure A newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to bypass restrictions and exfiltrate sensitive data. The issue, identified by security researcher Aonan Guan, marks the seco… https://www.helpnetsecurity.com/2026/05/21/idc-smbs-cybersecurity-spending-report/ https://www.helpnetsecurity.com/2026/05/21/idc-smbs-cybersecurity-spending-report/ Thu, 21 May 2026 04:00:35 +0000 Vulnerability Disclosure Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor se… https://gbhackers.com/poc-released-for-pintheft-linux-flaw/ https://gbhackers.com/poc-released-for-pintheft-linux-flaw/ Thu, 21 May 2026 05:32:58 +0000 Vulnerability Disclosure A public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets a reference… https://gbhackers.com/wanttocry-ransomware-exploits-smb/ https://gbhackers.com/wanttocry-ransomware-exploits-smb/ Thu, 21 May 2026 05:02:13 +0000 Vulnerability Disclosure A new ransomware campaign named “WantToCry” that leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder … https://haveibeenpwned.com/Breach/Windows93 https://haveibeenpwned.com/Breach/Windows93 Thu, 21 May 2026 03:45:15 +0000 Vulnerability Disclosure In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, userna… https://thecyberwire.com/podcasts/hacking-humans/387/notes https://thecyberwire.com/podcasts/hacking-humans/387/notes Thu, 21 May 2026 05:00:00 +0000 Vulnerability Disclosure This week, hosts of N2K CyberWire ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ alongside ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠… https://www.helpnetsecurity.com/2026/05/21/devon-bryan-booking-holdings-cso-leadership-travel/ https://www.helpnetsecurity.com/2026/05/21/devon-bryan-booking-holdings-cso-leadership-travel/ Thu, 21 May 2026 06:00:03 +0000 Vulnerability Disclosure In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconn… https://www.helpnetsecurity.com/2026/05/21/ai-red-teaming-agents-research/ https://www.helpnetsecurity.com/2026/05/21/ai-red-teaming-agents-research/ Thu, 21 May 2026 05:00:28 +0000 Vulnerability Disclosure Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks includ… https://thecyberwire.com/podcasts/threat-vector/118/notes https://thecyberwire.com/podcasts/threat-vector/118/notes Thu, 21 May 2026 06:00:00 +0000 Vulnerability Disclosure Every threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. ⁠Jackie Burns Koven⁠ leads cyber threat intelligence at Chainalysis, where she tr… https://gbhackers.com/critical-drupal-vulnerability-could-leave-sites-open-to-cyberattack/ https://gbhackers.com/critical-drupal-vulnerability-could-leave-sites-open-to-cyberattack/ Thu, 21 May 2026 07:38:31 +0000 Vulnerability Disclosure The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromi… https://gbhackers.com/antv-npm-packages/ https://gbhackers.com/antv-npm-packages/ Thu, 21 May 2026 07:14:12 +0000 Vulnerability Disclosure An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonst… https://www.csoonline.com/article/4175349/ai-becoming-an-soc-imperative-for-curtailing-emerging-cyber-threats.html https://www.csoonline.com/article/4175349/ai-becoming-an-soc-imperative-for-curtailing-emerging-cyber-threats.html Thu, 21 May 2026 07:00:00 +0000 Vulnerability Disclosure The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “ Bot vs Bot: Sur… https://www.helpnetsecurity.com/2026/05/21/terra-security-network-exploitation-validation/ https://www.helpnetsecurity.com/2026/05/21/terra-security-network-exploitation-validation/ Thu, 21 May 2026 07:13:32 +0000 Vulnerability Disclosure Terra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure … https://gbhackers.com/phishing-and-financial-fraud-campaigns/ https://gbhackers.com/phishing-and-financial-fraud-campaigns/ Thu, 21 May 2026 08:07:48 +0000 Vulnerability Disclosure A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examination… https://www.helpnetsecurity.com/2026/05/21/asapp-expands-adversarial-testing-for-enterprise-ai-systems/ https://www.helpnetsecurity.com/2026/05/21/asapp-expands-adversarial-testing-for-enterprise-ai-systems/ Thu, 21 May 2026 08:11:13 +0000 Vulnerability Disclosure ASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities i… https://gbhackers.com/new-nginx-0-day-rce-nginx-poolslip/ https://gbhackers.com/new-nginx-0-day-rce-nginx-poolslip/ Thu, 21 May 2026 09:24:57 +0000 Vulnerability Disclosure A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, … https://gbhackers.com/fake-invitation-phishing-campaign/ https://gbhackers.com/fake-invitation-phishing-campaign/ Thu, 21 May 2026 09:02:20 +0000 Vulnerability Disclosure A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, whi… https://www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/ https://www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/ Thu, 21 May 2026 09:00:00 +0000 Vulnerability Disclosure GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. https://www.csoonline.com/article/4175592/microsoft-releases-open-source-tools-to-operationalize-ai-agent-safety-2.html https://www.csoonline.com/article/4175592/microsoft-releases-open-source-tools-to-operationalize-ai-agent-safety-2.html Thu, 21 May 2026 10:28:06 +0000 Vulnerability Disclosure Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. … https://gbhackers.com/apache-ofbiz-rce-flaw-abuses-password-change-restrictions/ https://gbhackers.com/apache-ofbiz-rce-flaw-abuses-password-change-restrictions/ Thu, 21 May 2026 12:02:37 +0000 Vulnerability Disclosure A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source E… https://www.tenable.com/blog/new-tenable-one-open-connector-extends-third-party-integrations-unified-risk-visibility https://www.tenable.com/blog/new-tenable-one-open-connector-extends-third-party-integrations-unified-risk-visibility Thu, 21 May 2026 08:30:00 -0400 Vulnerability Disclosure The days of rigid, vendor-locked security stacks are over. The Tenable One Open Connector amplifies Tenable One’s extensive capacity to ingest and consolidate third-party security data, giving you more complete visibility across your attack surface, so you can keep using your pre… https://cyberinsider.com/europol-dismantles-first-vpn-service-used-by-ransomware-gangs/ https://cyberinsider.com/europol-dismantles-first-vpn-service-used-by-ransomware-gangs/ Thu, 21 May 2026 12:00:12 +0000 Vulnerability Disclosure European law enforcement agencies have dismantled a long-running VPN service allegedly used by ransomware gangs and cybercriminals to conceal attacks, steal data, and evade investigators. The operation, coordinated by France and the Netherlands with support from Europol and Euroj… https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html Thu, 21 May 2026 17:22:14 +0530 Vulnerability Disclosure This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it… https://isc.sans.edu/diary/rss/33002 https://isc.sans.edu/diary/rss/33002 Thu, 21 May 2026 13:34:09 +0000 Vulnerability Disclosure Recently, Rob wrote about a tool, Proxifier , that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific soft… https://blog.knowbe4.com/reducing-phish-prone-rates-without-training-fatigue-a-practical-playbook-for-traditional-organizations https://blog.knowbe4.com/reducing-phish-prone-rates-without-training-fatigue-a-practical-playbook-for-traditional-organizations Thu, 21 May 2026 13:00:04 +0000 Vulnerability Disclosure Phishing remains the single biggest human-driven threat in most organizations. Yet many security leaders face a familiar problem: the stronger the push to run frequent training and simulations, the louder the employee backlash. Complaints range from “too many tests” to “training … https://www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks https://www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks Thu, 21 May 2026 14:00:00 +0000 Vulnerability Disclosure "Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers. https://www.darkreading.com/cyber-risk/content-delivery-exploit-websites-brand-hijacking https://www.darkreading.com/cyber-risk/content-delivery-exploit-websites-brand-hijacking Thu, 21 May 2026 13:05:00 +0000 Vulnerability Disclosure The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity. https://www.rapid7.com/blog/post/tr-q1-2026-threat-landscape-report-geopolitics-ransomware https://www.rapid7.com/blog/post/tr-q1-2026-threat-landscape-report-geopolitics-ransomware Thu, 21 May 2026 13:00:00 +0000 Vulnerability Disclosure The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the lat… https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html Thu, 21 May 2026 19:47:09 +0530 Vulnerability Disclosure Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux… https://www.youtube.com/shorts/uFmYgvJr21Y https://www.youtube.com/shorts/uFmYgvJr21Y Thu, 21 May 2026 14:01:22 +0000 Vulnerability Disclosure Cybersecurity professionals often rely on acronyms and technical shorthand without realizing most people don’t understand them. The speaker connects this to a behavioral science concept called the “curse of experience” — experts naturally assume others share their knowledge. That… https://therecord.media/uk-plans-for-cybercrime-law-reform-limited-protections https://therecord.media/uk-plans-for-cybercrime-law-reform-limited-protections Thu, 21 May 2026 14:47:00 +0000 Vulnerability Disclosure The proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability. https://www.helpnetsecurity.com/2026/05/21/operation-saffron-first-vpn-takedown/ https://www.helpnetsecurity.com/2026/05/21/operation-saffron-first-vpn-takedown/ Thu, 21 May 2026 14:03:44 +0000 Vulnerability Disclosure First VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. During the operation, French and Dutch authorities, with support from Europol and Eurojust, dismantled 33 s… https://www.cybersecuritydive.com/news/cisa-cve-vulnerability-exploitation-nominations/820870/ https://www.cybersecuritydive.com/news/cisa-cve-vulnerability-exploitation-nominations/820870/ Thu, 21 May 2026 11:00:25 -0400 Vulnerability Disclosure The agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible. https://securityaffairs.com/192477/hacking/attackers-are-bypassing-mfa-on-sonicwall-vpns-because-something-was-wrong-with-previous-fix.html https://securityaffairs.com/192477/hacking/attackers-are-bypassing-mfa-on-sonicwall-vpns-because-something-was-wrong-with-previous-fix.html Thu, 21 May 2026 14:29:21 +0000 Vulnerability Disclosure Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work b… https://gbhackers.com/google-chrome-security-flaws/ https://gbhackers.com/google-chrome-security-flaws/ Thu, 21 May 2026 10:41:39 +0000 Security Bulletins Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Wi… https://cyberinsider.com/mullvad-confirms-vpn-fingerprinting-flaw-says-fix-is-on-the-way/ https://cyberinsider.com/mullvad-confirms-vpn-fingerprinting-flaw-says-fix-is-on-the-way/ Thu, 21 May 2026 12:48:15 +0000 Security Advisories Mullvad has published an official advisory confirming a fingerprinting issue in its VPN infrastructure that could allow online services to probabilistically correlate users as they switch between VPN servers. The company says the flaw does not expose a user’s identity, but it can… https://thehackernews.com/2026/05/github-internal-repositories-breached.html https://thehackernews.com/2026/05/github-internal-repositories-breached.html Thu, 21 May 2026 09:57:01 +0530 Incident Reporting GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development comes as the Nx team r… https://haveibeenpwned.com/Breach/Dragonica https://haveibeenpwned.com/Breach/Dragonica Thu, 21 May 2026 04:41:32 +0000 Incident Reporting In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed. https://www.infosecurity-magazine.com/news/grafana-labs-code-breach-tanstack/ https://www.infosecurity-magazine.com/news/grafana-labs-code-breach-tanstack/ Thu, 21 May 2026 08:00:00 +0000 Incident Reporting Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack https://www.helpnetsecurity.com/2026/05/21/github-grafana-breach-root-cause-nx-console/ https://www.helpnetsecurity.com/2026/05/21/github-grafana-breach-root-cause-nx-console/ Thu, 21 May 2026 13:42:10 +0000 Incident Reporting GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal sec… https://www.infosecurity-magazine.com/news/github-breach-nx-console-vs-code/ https://www.infosecurity-magazine.com/news/github-breach-nx-console-vs-code/ Thu, 21 May 2026 14:45:00 +0000 Incident Reporting A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace https://www.cybersecuritydive.com/news/grafana-labs-github-environment-breach-tanstack-npm-supply-chain/820866/ https://www.cybersecuritydive.com/news/grafana-labs-github-environment-breach-tanstack-npm-supply-chain/820866/ Thu, 21 May 2026 10:49:54 -0400 Incident Reporting The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security. https://www.infosecurity-magazine.com/news/first-vpn-takedown-europol/ https://www.infosecurity-magazine.com/news/first-vpn-takedown-europol/ Thu, 21 May 2026 15:30:00 +0000 Incident Reporting First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol https://isc.sans.edu/diary/rss/33000 https://isc.sans.edu/diary/rss/33000 Thu, 21 May 2026 02:00:03 +0000 Threat Intelligence (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. https://www.helpnetsecurity.com/2026/05/21/product-showcase-bitdefender-mobile-security-for-ios/ https://www.helpnetsecurity.com/2026/05/21/product-showcase-bitdefender-mobile-security-for-ios/ Thu, 21 May 2026 04:30:40 +0000 Threat Intelligence Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure. I have used Bitdefender Mobile Security for iOS for the last two years. It was easy to … https://gbhackers.com/two-u-s-executives-plead-guilty/ https://gbhackers.com/two-u-s-executives-plead-guilty/ Thu, 21 May 2026 05:43:31 +0000 Threat Intelligence Two U.S.-based business executives have pleaded guilty to their roles in enabling large-scale tech-support fraud operations linked to call centers in India, according to the U.S. Department of Justice. Adam Young, 42, former CEO of a telecommunications services company based in M… https://gbhackers.com/badiis-malware-hijacks-iis/ https://gbhackers.com/badiis-malware-hijacks-iis/ Thu, 21 May 2026 05:34:21 +0000 Threat Intelligence A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.… https://www.helpnetsecurity.com/2026/05/21/dark-web-activity-research/ https://www.helpnetsecurity.com/2026/05/21/dark-web-activity-research/ Thu, 21 May 2026 05:30:02 +0000 Threat Intelligence Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an ecosystem where attention shifts quickly and new trends regularly replace old ones. A six-year dataset coverin… https://gbhackers.com/p2pinfect-botnet-targets-kubernetes/ https://gbhackers.com/p2pinfect-botnet-targets-kubernetes/ Thu, 21 May 2026 06:41:45 +0000 Threat Intelligence A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to … https://www.helpnetsecurity.com/2026/05/21/riverbed-aternity-innovations/ https://www.helpnetsecurity.com/2026/05/21/riverbed-aternity-innovations/ Thu, 21 May 2026 07:49:40 +0000 Threat Intelligence Riverbed has announced new capabilities for Aternity designed to support autonomous IT operations for digital experience management. The updates help digital workplace teams move toward prevention-focused operations through broader visibility, context-aware intelligence, and gove… https://www.helpnetsecurity.com/2026/05/21/forward-launches-predict-to-test-network-changes-before-deployment/ https://www.helpnetsecurity.com/2026/05/21/forward-launches-predict-to-test-network-changes-before-deployment/ Thu, 21 May 2026 07:36:17 +0000 Threat Intelligence Forward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they … https://www.helpnetsecurity.com/2026/05/21/ctera-insightai/ https://www.helpnetsecurity.com/2026/05/21/ctera-insightai/ Thu, 21 May 2026 07:25:50 +0000 Threat Intelligence CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven … https://www.helpnetsecurity.com/2026/05/21/virtru-centers-file-collaboration-around-data-level-protection/ https://www.helpnetsecurity.com/2026/05/21/virtru-centers-file-collaboration-around-data-level-protection/ Thu, 21 May 2026 08:20:14 +0000 Threat Intelligence Virtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work together acros… https://www.helpnetsecurity.com/2026/05/21/tenable-hexa-ai-automates-remediation-across-attack-surfaces/ https://www.helpnetsecurity.com/2026/05/21/tenable-hexa-ai-automates-remediation-across-attack-surfaces/ Thu, 21 May 2026 08:02:56 +0000 Threat Intelligence Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (… https://gbhackers.com/tamperedchef-malware-hides-in-signed-apps/ https://gbhackers.com/tamperedchef-malware-hides-in-signed-apps/ Thu, 21 May 2026 09:42:32 +0000 Threat Intelligence A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findi… https://gbhackers.com/fake-microsoft-teams-downloads/ https://gbhackers.com/fake-microsoft-teams-downloads/ Thu, 21 May 2026 10:25:57 +0000 Threat Intelligence Hackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and multi-stage execution techniques to evade detection. The campaign, first observed in mid-April on the X platform, uses fraudu… https://cyberscoop.com/cybersecurity-readiness-paradox-resilience-op-ed/ https://cyberscoop.com/cybersecurity-readiness-paradox-resilience-op-ed/ Thu, 21 May 2026 10:00:00 +0000 Threat Intelligence As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits. The post The readiness paradox: Why a false sense of cyber confidence is becoming a … https://gbhackers.com/discord-enables-end-to-end-encryption/ https://gbhackers.com/discord-enables-end-to-end-encryption/ Thu, 21 May 2026 11:18:12 +0000 Threat Intelligence Discord has officially enabled end-to-end encryption (E2EE) by default for all voice and video communications across its platform, marking a significant shift in user privacy and secure communications. The announcement, made on May 18, 2026, confirms that every voice and video ca… https://www.techrepublic.com/article/news-fitbit-air-pixel-watch-4-gh/ https://www.techrepublic.com/article/news-fitbit-air-pixel-watch-4-gh/ Thu, 21 May 2026 14:24:17 +0000 Threat Intelligence Fitbit Air offers $99 sleep-first tracking, Pixel Watch 4 pairing, and a cheaper Whoop alternative, but Google’s AI coaching remains unproven. The post Fitbit Air vs Pixel Watch 4: Which Should You Wear at Night? appeared first on TechRepublic . https://www.techrepublic.com/article/news-google-health-fitbit-app-ai-coach-widget/ https://www.techrepublic.com/article/news-google-health-fitbit-app-ai-coach-widget/ Thu, 21 May 2026 12:46:38 +0000 Threat Intelligence Google Health 5.0 replaces the Fitbit app with a redesigned layout, Gemini-powered coaching, a new Android widget, and retired Fitbit features. The post Google Health 5.0 Brings New Fitbit App Design, AI Coach, and Android Widget appeared first on TechRepublic . https://www.techrepublic.com/article/news-google-continue-on-android-17-handoff/ https://www.techrepublic.com/article/news-google-continue-on-android-17-handoff/ Thu, 21 May 2026 12:38:18 +0000 Threat Intelligence Google’s Continue On in Android 17 lets users move supported tasks from phone to tablet, bringing Apple-like Handoff to Android devices soon. The post Google Brings a Long-Missing Apple Feature to Android appeared first on TechRepublic . https://www.techrepublic.com/article/uk-permanent-jobs-fall-temporary-placements-rise/ https://www.techrepublic.com/article/uk-permanent-jobs-fall-temporary-placements-rise/ Thu, 21 May 2026 12:26:56 +0000 Threat Intelligence UK permanent job placements fell in April while temporary hires rose due to economic uncertainty and global conflict, according to a new KPMG/REC report The post Permanent Jobs Fall in UK as Temporary Placements Rise: Report appeared first on TechRepublic . https://www.techrepublic.com/article/news-spacex-ipo-filing-starlink-ai-starship-musk/ https://www.techrepublic.com/article/news-spacex-ipo-filing-starlink-ai-starship-musk/ Thu, 21 May 2026 15:29:38 +0000 Threat Intelligence SpaceX’s IPO filing reveals Starlink’s revenue role, major AI spending, Starship costs, Musk’s control, and legal risks facing investors. The post Historic SpaceX IPO Filing Reveals Starlink, AI, and Mars Ambitions appeared first on TechRepublic . https://www.techrepublic.com/article/news-ai-glucose-monitors-wellness-wearables/ https://www.techrepublic.com/article/news-ai-glucose-monitors-wellness-wearables/ Thu, 21 May 2026 15:07:39 +0000 Threat Intelligence Glucose tracking is moving beyond diabetes care as CGMs, AI platforms, and wearable sensors reshape personalized health data and wellness tools. The post Glucose Tracking Is Turning Into the Next Big Health Data Platform appeared first on TechRepublic . https://www.darkreading.com/identity-access-management-security/shifting-budget-dynamics-for-identity-security-and-ai-agents https://www.darkreading.com/identity-access-management-security/shifting-budget-dynamics-for-identity-security-and-ai-agents Thu, 21 May 2026 08:00:00 +0000 Cyber Threat Landscape AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects. https://www.kaspersky.com/blog/ascii-qr-phishing/55789/ https://www.kaspersky.com/blog/ascii-qr-phishing/55789/ Thu, 21 May 2026 05:00:04 +0000 Cyber Threat Landscape Cybercriminals using ASCII art to create pseudographics QR codes with embedded phishing links. https://www.malwarebytes.com/blog/product/2026/05/catch-spyware-in-the-act-with-windows-webcam-monitoring https://www.malwarebytes.com/blog/product/2026/05/catch-spyware-in-the-act-with-windows-webcam-monitoring Thu, 21 May 2026 10:19:18 +0000 Cyber Threat Landscape Know when a program tries to access your webcam so you can allow or block, in real time. https://www.infosecurity-magazine.com/news/threequarters-knowingly-ship/ https://www.infosecurity-magazine.com/news/threequarters-knowingly-ship/ Thu, 21 May 2026 13:00:00 +0000 Cyber Threat Landscape AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers https://www.darkreading.com/identity-access-management-security/shifting-budget-dynamics-identity-security-ai-agents https://www.darkreading.com/identity-access-management-security/shifting-budget-dynamics-identity-security-ai-agents Thu, 21 May 2026 15:43:37 +0000 Cyber Threat Landscape AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects. https://thecyberwire.com/podcasts/ai-security-brief/3/notes https://thecyberwire.com/podcasts/ai-security-brief/3/notes Thu, 21 May 2026 05:00:00 +0000 Podcasts With over two decades of experience spanning global CIO and CISO roles Sachin Jain has a perspective on accountability that goes well beyond the CISO's desk. In this episode, Sachin shares why AI governance is a shared responsibility across the organization, and offers practical … https://thecyberwire.com/podcasts/caveat/309/notes https://thecyberwire.com/podcasts/caveat/309/notes Thu, 21 May 2026 05:00:00 +0000 Infosec News This week, Dave and Ben sit down to discuss two legal cases. The first case involves Santa Clara suing Meta over alleged scam ads. The second story looks at a now dismissed case where the lawyers could potentially face consequences for allegedly using fake AI citations in their f… https://www.wired.com/story/the-eu-is-going-through-a-trump-fueled-breakup-with-big-tech/ https://www.wired.com/story/the-eu-is-going-through-a-trump-fueled-breakup-with-big-tech/ Thu, 21 May 2026 06:00:00 +0000 Infosec News France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit. https://securityaffairs.com/192463/security/discord-adds-end-to-end-encryption-to-voice-and-video-calls-by-default.html https://securityaffairs.com/192463/security/discord-adds-end-to-end-encryption-to-voice-and-video-calls-by-default.html Thu, 21 May 2026 06:40:53 +0000 Infosec News Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption… https://thehackernews.com/2026/05/when-identity-is-attack-path.html https://thehackernews.com/2026/05/when-identity-is-attack-path.html Thu, 21 May 2026 16:00:00 +0530 Infosec News Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily … https://www.malwarebytes.com/blog/ai/2026/05/researchers-left-ai-agents-alone-in-a-virtual-town-and-watched-it-all-unravel https://www.malwarebytes.com/blog/ai/2026/05/researchers-left-ai-agents-alone-in-a-virtual-town-and-watched-it-all-unravel Thu, 21 May 2026 10:01:54 +0000 Infosec News Told not to commit crimes, the AI agents mostly did anyway. Arson, violence, romance, self-deletion, and general chaos quickly ensued. https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/ https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/ Thu, 21 May 2026 11:42:57 +0000 Infosec News The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts. https://www.malwarebytes.com/blog/family-and-parenting/2026/05/tiktok-youtube-and-roblox-face-scrutiny-but-age-gates-wont-fix-child-safety https://www.malwarebytes.com/blog/family-and-parenting/2026/05/tiktok-youtube-and-roblox-face-scrutiny-but-age-gates-wont-fix-child-safety Thu, 21 May 2026 11:08:37 +0000 Infosec News Ofcom says TikTok and YouTube are "not safe enough" for children, but simply adding stricter age checks is not the answer. https://www.infosecurity-magazine.com/news/linux-kernel-ptrace-flaw-ssh-keys/ https://www.infosecurity-magazine.com/news/linux-kernel-ptrace-flaw-ssh-keys/ Thu, 21 May 2026 12:00:00 +0000 Infosec News Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally https://gbhackers.com/freepbx-security-flaw/ https://gbhackers.com/freepbx-security-flaw/ Wed, 20 May 2026 06:30:14 +0000 Common Vulnerabilities and Exposures A critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects the U… https://www.helpnetsecurity.com/2026/05/20/cve-lite-cli-open-source-dependency-vulnerability-scanner/ https://www.helpnetsecurity.com/2026/05/20/cve-lite-cli-open-source-dependency-vulnerability-scanner/ Wed, 20 May 2026 06:00:59 +0000 Common Vulnerabilities and Exposures Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours o… https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43493 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43493 Wed, 20 May 2026 01:01:28 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43491 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43491 Wed, 20 May 2026 01:01:33 -0700 Common Vulnerabilities and Exposures Information published. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43492 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43492 Wed, 20 May 2026 01:01:22 -0700 Common Vulnerabilities and Exposures Information published. https://gbhackers.com/pardus-linux-vulnerability/ https://gbhackers.com/pardus-linux-vulnerability/ Wed, 20 May 2026 08:39:56 +0000 Common Vulnerabilities and Exposures A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package a… https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html Wed, 20 May 2026 07:36:57 +0000 Common Vulnerabilities and Exposures DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, … https://www.helpnetsecurity.com/2026/05/20/yellowkey-bitlocker-mitigation-cve-2026-45585/ https://www.helpnetsecurity.com/2026/05/20/yellowkey-bitlocker-mitigation-cve-2026-45585/ Wed, 20 May 2026 08:33:52 +0000 Common Vulnerabilities and Exposures Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the compan… https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html Wed, 20 May 2026 13:58:26 +0530 Common Vulnerabilities and Exposures Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. … https://www.csoonline.com/article/4173425/why-some-security-fixes-never-reach-your-vulnerability-dashboard.html https://www.csoonline.com/article/4173425/why-some-security-fixes-never-reach-your-vulnerability-dashboard.html Wed, 20 May 2026 09:00:00 +0000 Common Vulnerabilities and Exposures On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm ins… https://securelist.com/exiftool-compromise-mac/119866/ https://securelist.com/exiftool-compromise-mac/119866/ Wed, 20 May 2026 09:02:31 +0000 Common Vulnerabilities and Exposures We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102). https://gbhackers.com/exiftool-vulnerability-2/ https://gbhackers.com/exiftool-vulnerability-2/ Wed, 20 May 2026 13:26:42 +0000 Common Vulnerabilities and Exposures A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows t… https://gbhackers.com/nvidia-triton-inference-server-flaw-raises-risk-of-unauthorized-access/ https://gbhackers.com/nvidia-triton-inference-server-flaw-raises-risk-of-unauthorized-access/ Wed, 20 May 2026 12:13:19 +0000 Common Vulnerabilities and Exposures NVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8, indicating … https://securityaffairs.com/192449/hacking/microsoft-issues-yellowkey-mitigation-no-patch-yet.html https://securityaffairs.com/192449/hacking/microsoft-issues-yellowkey-mitigation-no-patch-yet.html Wed, 20 May 2026 15:07:51 +0000 Common Vulnerabilities and Exposures Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a pa… https://kb.cert.org/vuls/id/980487 https://kb.cert.org/vuls/id/980487 Wed, 20 May 2026 21:23:46 +0000 Common Vulnerabilities and Exposures Overview A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the … https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html Wed, 20 May 2026 23:58:57 +0000 Common Vulnerabilities and Exposures Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL data… https://cybersecuritytoday.libsyn.com/windows-11-bitlocker-zero-day-teampcp-malware-leak-iran-gas-station-hacks-cybersecurity-today https://cybersecuritytoday.libsyn.com/windows-11-bitlocker-zero-day-teampcp-malware-leak-iran-gas-station-hacks-cybersecurity-today Wed, 20 May 2026 03:07:00 +0000 Vulnerability Disclosure A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to… https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html Wed, 20 May 2026 09:31:15 +0530 Vulnerability Disclosure GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact… https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html Wed, 20 May 2026 10:42:06 +0530 Vulnerability Disclosure Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private sou… https://gbhackers.com/poc-exploit-dirtydecrypt-linux-kernel-vulnerability/ https://gbhackers.com/poc-exploit-dirtydecrypt-linux-kernel-vulnerability/ Wed, 20 May 2026 05:44:20 +0000 Vulnerability Disclosure PoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy‑paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCB… https://gbhackers.com/lummastealer-and-amatera-malware/ https://gbhackers.com/lummastealer-and-amatera-malware/ Wed, 20 May 2026 05:38:46 +0000 Vulnerability Disclosure Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive… https://gbhackers.com/github-source-code-reportedly-compromised/ https://gbhackers.com/github-source-code-reportedly-compromised/ Wed, 20 May 2026 05:14:49 +0000 Vulnerability Disclosure A threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitive source code and proprietary organizational data. The group is currently offering the allegedly stolen dataset for sale on… https://risky.biz/RB838/ https://risky.biz/RB838/ Wed, 20 May 2026 15:22:48 +1000 Vulnerability Disclosure On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: GitHub announced a possible breach CISA leaks important creds, keys in public repo Awful vulnerability in Bitlocker renders it useless without a PIN So. Many. Patche… https://gbhackers.com/new-nginx-vulnerability-exposes-servers/ https://gbhackers.com/new-nginx-vulnerability-exposes-servers/ Wed, 20 May 2026 06:52:54 +0000 Vulnerability Disclosure NGINX has disclosed a new high‑severity vulnerability in its JavaScript module that can allow remote attackers to crash servers and, in specific conditions, execute arbitrary code on vulnerable systems. F5 has published a security advisory (K000161307) describing a flaw in the NG… https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html Wed, 20 May 2026 05:30:04 +0000 Vulnerability Disclosure A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The… https://www.darkreading.com/cybersecurity-operations/interpol-operation-ramz-cross-region-middle-east https://www.darkreading.com/cybersecurity-operations/interpol-operation-ramz-cross-region-middle-east Wed, 20 May 2026 07:00:00 +0000 Vulnerability Disclosure While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date. https://www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/ https://www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/ Wed, 20 May 2026 08:40:00 +0000 Vulnerability Disclosure Verizon DBIR finds 31% of data breaches began with software flaws last year https://socradar.io/blog/teampcp-github-breach-internal-github-repository/ https://socradar.io/blog/teampcp-github-breach-internal-github-repository/ Wed, 20 May 2026 07:18:04 +0000 Vulnerability Disclosure TeamPCP GitHub Breach: Internal GitHub Repositories Allegedly Accessed TeamPCP is back in the headlines, and this time the target is not a plugin, a CI/CD pipeline, or an open-source package. The group is claiming access to GitHub itself, one of the most critical pieces of infras… https://www.youtube.com/watch?v=lwoe4JEyNGE https://www.youtube.com/watch?v=lwoe4JEyNGE Wed, 20 May 2026 09:00:57 +0000 Vulnerability Disclosure Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect … https://cyberinsider.com/github-confirms-internal-repository-theft-as-teampcp-claims-attack/ https://cyberinsider.com/github-confirms-internal-repository-theft-as-teampcp-claims-attack/ Wed, 20 May 2026 10:28:46 +0000 Vulnerability Disclosure GitHub disclosed that it is investigating unauthorized access to its internal repositories after attackers compromised an employee's device through a malicious Visual Studio Code extension. The company says there is currently no evidence that customer repositories or enterprise d… https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/ https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/ Wed, 20 May 2026 10:41:12 +0000 Vulnerability Disclosure Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-interna… https://www.csoonline.com/article/4174147/shub-reaper-impersonates-apple-google-and-microsoft-in-one-macos-attack-chain.html https://www.csoonline.com/article/4174147/shub-reaper-impersonates-apple-google-and-microsoft-in-one-macos-attack-chain.html Wed, 20 May 2026 11:49:23 +0000 Vulnerability Disclosure A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at … https://www.helpnetsecurity.com/2026/05/20/armorcode-anya-agents/ https://www.helpnetsecurity.com/2026/05/20/armorcode-anya-agents/ Wed, 20 May 2026 11:22:49 +0000 Vulnerability Disclosure ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help securit… https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html Wed, 20 May 2026 22:36:54 +0530 Vulnerability Disclosure Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-nativ… https://gbhackers.com/grafana-github-security-incident/ https://gbhackers.com/grafana-github-security-incident/ Wed, 20 May 2026 13:42:43 +0000 Vulnerability Disclosure Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthoriz… https://gbhackers.com/gremlin-stealer-hides-c2/ https://gbhackers.com/gremlin-stealer-hides-c2/ Wed, 20 May 2026 12:44:48 +0000 Vulnerability Disclosure A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward… https://gbhackers.com/new-corporate-data-leaks/ https://gbhackers.com/new-corporate-data-leaks/ Wed, 20 May 2026 12:17:19 +0000 Vulnerability Disclosure Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources towar… https://www.csoonline.com/article/4174747/github-admits-major-source-code-leak-after-3800-internal-repositories-breached-2.html https://www.csoonline.com/article/4174747/github-admits-major-source-code-leak-after-3800-internal-repositories-breached-2.html Wed, 20 May 2026 15:47:03 +0000 Vulnerability Disclosure Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unau… https://www.tenable.com/blog/implement-agentic-ai-in-cybersecurity-to-reduce-risk-tenable-hexa-ai https://www.tenable.com/blog/implement-agentic-ai-in-cybersecurity-to-reduce-risk-tenable-hexa-ai Wed, 20 May 2026 09:00:00 -0400 Vulnerability Disclosure As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate vulnerability remediation and super-charge exposure management with Tenable Hexa AI. Key ta… https://therecord.media/ukraine-probes-teen-suspect-cyber-theft-scheme https://therecord.media/ukraine-probes-teen-suspect-cyber-theft-scheme Wed, 20 May 2026 16:33:00 +0000 Vulnerability Disclosure The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine's Prosecutor General said. https://www.cybersecuritydive.com/news/github-hacked-repository-data/820722/ https://www.cybersecuritydive.com/news/github-hacked-repository-data/820722/ Wed, 20 May 2026 10:43:31 -0400 Vulnerability Disclosure The attack is the latest example of hackers’ intense focus on open-source packages. https://securityaffairs.com/192415/cyber-crime/carding-site-b1acks-stash-dumps-4-6-million-stolen-cards-for-free.html https://securityaffairs.com/192415/cyber-crime/carding-site-b1acks-stash-dumps-4-6-million-stolen-cards-for-free.html Wed, 20 May 2026 12:14:10 +0000 Vulnerability Disclosure Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, n… https://www.darkreading.com/ics-ot-security/patch-now-critical-flaw-ot-robot-os https://www.darkreading.com/ics-ot-security/patch-now-critical-flaw-ot-robot-os Wed, 20 May 2026 16:12:08 +0000 Vulnerability Disclosure An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment. https://www.helpnetsecurity.com/2026/05/20/verizon-2026-dbir-findings/ https://www.helpnetsecurity.com/2026/05/20/verizon-2026-dbir-findings/ Wed, 20 May 2026 14:10:13 +0000 Vulnerability Disclosure Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the r… https://www.helpnetsecurity.com/2026/05/20/nanoco-seed-funding-12-million/ https://www.helpnetsecurity.com/2026/05/20/nanoco-seed-funding-12-million/ Wed, 20 May 2026 14:00:58 +0000 Vulnerability Disclosure NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Huggi… https://www.rapid7.com/blog/post/em-operationalizing-ctem-building-surface-command-dashboards https://www.rapid7.com/blog/post/em-operationalizing-ctem-building-surface-command-dashboards Wed, 20 May 2026 12:15:54 +0000 Vulnerability Disclosure Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command… https://thecyberwire.com/podcasts/daily-podcast/2556/notes https://thecyberwire.com/podcasts/daily-podcast/2556/notes Wed, 20 May 2026 20:30:00 +0000 Vulnerability Disclosure GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing… https://www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen https://www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen Wed, 20 May 2026 20:51:32 +0000 Vulnerability Disclosure Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit. https://www.youtube.com/shorts/6qZlS6yr52c https://www.youtube.com/shorts/6qZlS6yr52c Wed, 20 May 2026 21:00:07 +0000 Vulnerability Disclosure The UK is discussing cybersecurity legislation that could include emergency shutdown mechanisms — “kill switches” — for advanced AI systems that threaten national security or human life. The speaker argues that emergency stop capabilities are reasonable at the system level. AI sy… https://securityaffairs.com/192456/security/pintheft-another-linux-privilege-escalation-another-working-exploit-this-time-targeting-arch.html https://securityaffairs.com/192456/security/pintheft-another-linux-privilege-escalation-another-working-exploit-this-time-targeting-arch.html Wed, 20 May 2026 20:32:53 +0000 Vulnerability Disclosure PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is Pi… https://www.darkreading.com/mobile-security/fake-android-apps-carrier-billing-fraud https://www.darkreading.com/mobile-security/fake-android-apps-carrier-billing-fraud Wed, 20 May 2026 20:35:35 +0000 Vulnerability Disclosure The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions. https://grahamcluley.com/smashing-security-podcast-468/ https://grahamcluley.com/smashing-security-podcast-468/ Wed, 20 May 2026 23:04:42 +0000 Security Bulletins A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year. Meanwhile, owners of $4,000 robot lawnmowers are d… https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/ https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/ Wed, 20 May 2026 20:56:03 +0000 Security Advisories Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can ha… https://www.csoonline.com/article/4173417/microsoft-disrupts-malware-code-signing-service-used-by-ransomware-gangs.html https://www.csoonline.com/article/4173417/microsoft-disrupts-malware-code-signing-service-used-by-ransomware-gangs.html Wed, 20 May 2026 00:45:54 +0000 Incident Reporting Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated l… https://www.helpnetsecurity.com/2026/05/20/idp-kill-chain-video/ https://www.helpnetsecurity.com/2026/05/20/idp-kill-chain-video/ Wed, 20 May 2026 04:30:14 +0000 Incident Reporting In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks do… https://www.bitdefender.com/en-us/blog/hotforsecurity/fbi-shinyhunters-canvas-breach https://www.bitdefender.com/en-us/blog/hotforsecurity/fbi-shinyhunters-canvas-breach Wed, 20 May 2026 08:28:36 +0000 Incident Reporting Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html Wed, 20 May 2026 08:50:50 +0000 Incident Reporting One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breac… https://www.helpnetsecurity.com/2026/05/20/encryption-consulting-certsecure-manager-v3-3/ https://www.helpnetsecurity.com/2026/05/20/encryption-consulting-certsecure-manager-v3-3/ Wed, 20 May 2026 09:16:55 +0000 Incident Reporting Encryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises mil… https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/ https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/ Wed, 20 May 2026 10:45:00 +0000 Incident Reporting The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories https://gbhackers.com/fox-tempest-abusing-microsoft-artifact-signing/ https://gbhackers.com/fox-tempest-abusing-microsoft-artifact-signing/ Wed, 20 May 2026 11:04:51 +0000 Incident Reporting Fox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to… https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html Wed, 20 May 2026 20:06:44 +0530 Incident Reporting Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The … https://gbhackers.com/microsoft-durabletask-python-client-targeted-teampcp/ https://gbhackers.com/microsoft-durabletask-python-client-targeted-teampcp/ Wed, 20 May 2026 12:25:40 +0000 Incident Reporting The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identifi… https://techcrunch.com/2026/05/20/customers-say-trump-mobile-is-leaking-their-personal-information/ https://techcrunch.com/2026/05/20/customers-say-trump-mobile-is-leaking-their-personal-information/ Wed, 20 May 2026 15:28:55 +0000 Incident Reporting Trump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic. https://techcrunch.com/2026/05/20/github-says-hackers-stole-data-from-thousands-of-internal-repositories/ https://techcrunch.com/2026/05/20/github-says-hackers-stole-data-from-thousands-of-internal-repositories/ Wed, 20 May 2026 13:25:58 +0000 Incident Reporting The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft. https://thecyberwire.com/newsletters/daily-briefing/15/96 https://thecyberwire.com/newsletters/daily-briefing/15/96 Wed, 20 May 2026 16:00:00 +0000 Incident Reporting Microsoft disrupts malware signing service. Business news: Akamai to acquire LayerX for $205 million. https://therecord.media/7-eleven-reports-data-breach-shinyhunters https://therecord.media/7-eleven-reports-data-breach-shinyhunters Wed, 20 May 2026 16:05:00 +0000 Incident Reporting The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.” https://cyberscoop.com/github-internal-repositories-vs-code-extension-attack/ https://cyberscoop.com/github-internal-repositories-vs-code-extension-attack/ Wed, 20 May 2026 14:48:38 +0000 Incident Reporting GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around thir… https://www.cybersecuritydive.com/news/7-eleven-cyberattack-franchisee-data/820698/ https://www.cybersecuritydive.com/news/7-eleven-cyberattack-franchisee-data/820698/ Wed, 20 May 2026 10:57:00 -0400 Incident Reporting The retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring. https://www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/ https://www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/ Wed, 20 May 2026 10:48:29 -0400 Incident Reporting The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks. https://cyberscoop.com/microsoft-rampart-clarity-agentic-ai-security-red-teaming-tools/ https://cyberscoop.com/microsoft-rampart-clarity-agentic-ai-security-red-teaming-tools/ Wed, 20 May 2026 20:25:51 +0000 Incident Reporting Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders. The post Meet Rampart and Clarity, Microsoft’s new red team combo AI agents appeared first on CyberScoop . https://www.darkreading.com/cyberattacks-data-breaches/processes-and-culture-top-reasons-behind-data-breaches https://www.darkreading.com/cyberattacks-data-breaches/processes-and-culture-top-reasons-behind-data-breaches Wed, 20 May 2026 17:42:30 +0000 Incident Reporting Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short. https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ Wed, 20 May 2026 21:07:38 +0000 Incident Reporting If any impact is discovered, customers will be notified via established incident response and notification channels. The post Investigating unauthorized access to GitHub’s internal repositories appeared first on The GitHub Blog . https://isc.sans.edu/diary/rss/32998 https://isc.sans.edu/diary/rss/32998 Wed, 20 May 2026 02:00:02 +0000 Threat Intelligence (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. https://www.helpnetsecurity.com/2026/05/20/hard-truths-from-2026-devops-threats-report/ https://www.helpnetsecurity.com/2026/05/20/hard-truths-from-2026-devops-threats-report/ Wed, 20 May 2026 05:00:15 +0000 Threat Intelligence In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your code (and business), you need security meas… https://www.helpnetsecurity.com/2026/05/20/agentic-ai-security-llm-research/ https://www.helpnetsecurity.com/2026/05/20/agentic-ai-security-llm-research/ Wed, 20 May 2026 05:30:28 +0000 Threat Intelligence Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediat… https://gbhackers.com/trapdoor-android-ad-fraud-ring/ https://gbhackers.com/trapdoor-android-ad-fraud-ring/ Wed, 20 May 2026 06:50:17 +0000 Threat Intelligence A large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaini… https://gbhackers.com/devilnfc-malware-traps-android-users/ https://gbhackers.com/devilnfc-malware-traps-android-users/ Wed, 20 May 2026 06:12:52 +0000 Threat Intelligence A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campai… https://gbhackers.com/mini-shai-hulud-attack-hits-npm-compromising-600-packages/ https://gbhackers.com/mini-shai-hulud-attack-hits-npm-compromising-600-packages/ Wed, 20 May 2026 06:11:59 +0000 Threat Intelligence A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the… https://gbhackers.com/single-letter-go-module-typosquat/ https://gbhackers.com/single-letter-go-module-typosquat/ Wed, 20 May 2026 06:06:43 +0000 Threat Intelligence A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/dec… https://www.helpnetsecurity.com/2026/05/20/nick-nieuwenhuis-nedscaper-cyber-resilience-strategy/ https://www.helpnetsecurity.com/2026/05/20/nick-nieuwenhuis-nedscaper-cyber-resilience-strategy/ Wed, 20 May 2026 06:30:37 +0000 Threat Intelligence In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting… https://gbhackers.com/void-botnet-leverages-ethereum/ https://gbhackers.com/void-botnet-leverages-ethereum/ Wed, 20 May 2026 07:42:31 +0000 Threat Intelligence A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-langua… https://thecyberwire.com/podcasts/microsoft-threat-intelligence/69/notes https://thecyberwire.com/podcasts/microsoft-threat-intelligence/69/notes Wed, 20 May 2026 07:05:00 +0000 Threat Intelligence In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠⁠Sherrod DeGrippo⁠ joins researchers from Huntress to break down the rise of ⁠EvilTokens⁠, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, t… https://www.lastwatchdog.com/guest-essay-ai-can-speed-up-communication-but-it-can-also-weaken-human-connection/ https://www.lastwatchdog.com/guest-essay-ai-can-speed-up-communication-but-it-can-also-weaken-human-connection/ Wed, 20 May 2026 09:35:09 +0000 Threat Intelligence The first warning sign came on stage. Related: Carol Sturka declares her agency I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have … (more…) The post GUEST ESSAY: AI can spee… https://www.helpnetsecurity.com/2026/05/20/darwinium-sdk-updates/ https://www.helpnetsecurity.com/2026/05/20/darwinium-sdk-updates/ Wed, 20 May 2026 09:02:54 +0000 Threat Intelligence Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks.… https://gbhackers.com/fake-tax-assessment-pages/ https://gbhackers.com/fake-tax-assessment-pages/ Wed, 20 May 2026 10:56:11 +0000 Threat Intelligence Hackers are actively targeting Windows users with fake Indian Income Tax assessment pages in a campaign tracked as TAX#TRIDENT. The campaign begins with fraudulent tax assessment or penalty pages designed to create urgency. Victims are prompted to download what appears to be an o… https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/ https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/ Wed, 20 May 2026 10:00:46 +0000 Threat Intelligence Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appeared first on Unit 42 . https://www.helpnetsecurity.com/2026/05/20/trust3-mcp-security/ https://www.helpnetsecurity.com/2026/05/20/trust3-mcp-security/ Wed, 20 May 2026 10:41:04 +0000 Threat Intelligence Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governa…