HomeWeekly DigestsThis Week
LiveThreat Threat Intelligence

Weekly Threat Intelligence Digest — May 18 to May 25, 2026

Weekly threat intelligence digest from 411 items (50 critical, 211 high).

May 25, 2026 411 articles analyzed
LIVETHREAT WEEKLY THREAT DIGEST May 18 – May 25, 2026 This week the data confirms a clear shift: attackers are no longer chasing the perimeter, they are hijacking the trust relationships that bind your ecosystem. Ransomware groups extorted SaaS platforms, malicious VS Code extensions stole CI/CD tokens, and a single leaked cloud‑admin key opened a floodgate to government workloads. The common denominator is privileged third‑party access being weaponised across supply‑chain layers. 👉 Access, not a lone vulnerability, is the dominant risk driver. 🚨 EXECUTIVE RISK SNAPSHOT * Supply‑chain breach vector → MSPs, cloud admin accounts, and CI/CD pipelines were the primary entry points for 5 of the 46 incidents. * Privilege amplifies impact → Compromised admin tokens at GitHub, AWS GovCloud, and Grafana enabled data exfiltration from dozens of downstream customers. * Blind‑spot assets → OT/IoT devices, franchisee systems, and undocumented sub‑vendors remain largely invisible in most TPRM inventories. 🔍 WHAT CHANGED THIS WEEK * Ransomware‑as‑a‑Service (RaaS) groups now target SaaS vendors directly, leveraging the vendor’s own admin console to reach thousands of end‑users. * Open‑source supply‑chain attacks exploded: malicious npm and VS Code extensions compromised 600+ packages and harvested credentials from CI/CD environments. * Cloud credential leakage resurfaced as a top threat, with public GitHub repos exposing high‑privilege AWS GovCloud keys and internal CISA configurations. * AI‑assisted vulnerability exploitation overtook credential theft as the leading initial‑access vector in the Verizon DBIR, shrinking exploit windows to hours. 🎯 WHERE YOU ARE MOST LIKELY EXPOSED * Organizations that rely on cloud hosting providers (AWS, Azure, GovCloud) and grant admin‑level IAM roles to vendors. * Companies using third‑party CI/CD or API management tools (npm, VS Code Marketplace, GitHub Actions) without strict token hygiene. * Enterprises with franchisee, subsidiary, or MSP relationships that share single privileged accounts across dozens of sites. * Healthcare, education, and government entities that host sensitive data on SaaS platforms (Canvas, AdvancedHEALTH, NYC Health + Hospitals). ⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK 1. Re‑audit privileged access matrices • Verify every vendor‑admin role in AWS, Azure, and GCP. 👉 Ask: “Which vendor personnel hold keys that can create, delete, or modify cloud resources?” 2. Enforce CI/CD token lifecycle controls • Require short‑lived tokens, rotate secrets weekly, and scan for malicious extensions in npm and VS Code. 3. Expand vendor‑of‑vendor visibility • Request sub‑processor lists from your top 5 suppliers and map any downstream MSP or SaaS dependencies. 4. Deploy continuous secret‑leak monitoring #Cybersecurity #TPRM #VendorRisk #SupplyChainSecurity #ThreatIntel #LiveThreat #VerisqAI

Articles Referenced in This Digest 411 items

Advisory (130)

HighTurns out the C-suite loves shadow AI
HighMeta settles school district lawsuit claiming addictive design harmed students' mental health
HighFBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
HighWhy the Supreme Court's Chatrie case could change the meaning of privacy in America
High Update Chrome now: Critical bugs could let attackers run code
HighThe Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.
HighThe Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.
HighYou can't install Deepin Desktop from the official Fedora repo anymore - here's why
HighCISA Adds Seven Known Exploited Vulnerabilities to Catalog
HighGoogle says AI agents spending your money is a 'more fun' way to shop
HighVerizon DBIR: Vulnerability exploitation is the dominant initial access vector
HighFTC warns 12 major tech firms of violating Take It Down Act
HighIntroducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
HighEurope Prepares to Hunker Down Against Bug Finding AI Models
HighJudges Clash Over Pentagon’s Anthropic Ban
HighMicrosoft Confirms Windows Update Bug Blocking Security Fixes
HighVerizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
HighMicrosoft confirms patching issues in restricted Windows networks
HighExperts warn of privacy risks as AI firms looks to connect to financial accounts
HighExperts warn of privacy risks as AI firms looks to connect to financial accounts
MediumTech giants promise British regulator they will tweak platforms to protect kids online
MediumUK plans for cybercrime law reform would protect almost no one, experts warn
MediumThe Maximalism Trap: When More Becomes Too Much
Medium51% of professionals say AI workslop lowers their productivity - stop it in 2 steps
MediumSecuring the gaming culture of cultures
MediumTwo-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report
MediumAI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks
MediumiProov brings identity verification to video meetings to reduce fraud risks
MediumBabel Street targets AI-driven threats with new agentic investigation capabilities
MediumVerizon Breach Report: Vulnerability Exploitation Surges
Medium YouTube wants your face to fight deepfakes
MediumMicrosoft confirms Windows 11 security update install issues
InformationalBoards want cyber risk in dollars, not CVE counts
InformationalLessons for organizations from the Verizon 2026 Data Breach Investigations Report
LowThis rugged Windows tablet handles mud and rain - but didn't impress with the basics
Lownpm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
InformationalCisco’s Risk-Based Vulnerability Disclosure in the Age of AI 
InformationalVerizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
InformationalAkamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
LowThinking about plug-in solar? It may be coming to your state soon
Informational7 WFH gadgets that are huge quality of life improvements
LowThese are my favorite gadgets to add ambiance to your home, and they're all on sale
InformationalCISA’s new KEV nomination form opens reporting to vendors and researchers
InformationalProton Pass adds monitored credential sharing for AI agents
LowGitLab 19.0 adds AI workflows, secrets management, and self-hosted model support
InformationalVersa extends zero trust principles to AI agents and MCP workflows
InformationalKore.ai unveils AI-native platform for enterprise multiagent systems
InformationalMicrosoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations
LowMicrosoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
InformationalNew Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
InformationalHow CISOs Should Prep for Agentic-Ready AI BOMs
LowHow Sony nearly ruled spatial audio - until Apple changed music forever
Informational96% of IT pros use AI now: Their top 7 agentic applications and biggest implementation roadblocks
LowGoogle showed me the future of Android Auto - and now I dread my own car
InformationalNew infosec products of the week: May 22, 2026
InformationalCISA to allow researchers to report vulnerabilities to exploited bugs catalog
InformationalEnhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files
InformationalApple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
InformationalAI Agents Are Shifting Identity Security Budget Dynamics
LowGoogle's AI features just got more confusing
InformationalI tested a portable battery with graphene heat dissipation - and cracked it open for proof
InformationalMicrosoft won't send you SMS texts for login anymore - why it's pushing passkeys instead
InformationalCTERA brings AI insights and automation for unstructured data
InformationalForward launches Predict to test network changes before deployment
InformationalRiverbed introduces new Aternity tools for autonomous IT operations
InformationalTenable Hexa AI automates remediation across attack surfaces
InformationalASAPP expands adversarial testing for enterprise AI systems
LowVirtru centers file collaboration around data-level protection
InformationalMicrosoft open-sources tools for designing and testing AI agents
InformationalFlipper One project needs community help to build open Linux platform
InformationalWhat’s new in Microsoft Security: May 2026
Informational Catch spyware in the act with Windows Webcam Monitoring
InformationalAI-generated reporting: Lessons learned from Cisco Talos Incident Response
LowDiscord adds end-to-end encryption to voice and video calls by default
InformationalCyber threats push SMBs to spend more on security
InformationalProduct showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
InformationalOpenAI Could File for IPO as Soon as Friday
InformationalCheck Point Validates AI-Driven Actions With Deepchecks Buy
InformationalWhat It'll Take to Make AI BOMs Usable in a Modern Security Program
InformationalProcesses and Culture Top Reasons Behind Data Breaches
InformationalOn AI Security
Low4 Android Auto settings I always turn on for a safer ride
InformationalWe tested the most popular VPNs in New York, London, and Tokyo - this one is the best for traveling
Low11 cheap gadgets we've found to be highly useful (and they're on sale)
InformationalUbuntu Core 26 offers an immutable Linux you can trust through 2041
LowThese 8 Kindle models just lost support, but that doesn't make them obsolete
InformationalEncryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals
InformationalTrust3 AI focuses on AI agent risks with MCP Security layer
InformationalNovata uses AI to map risk across portfolios and supply chains
InformationalNanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
InformationalMicrosoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
InformationalDiscord migrates all users to end-to-end encryption by default
Low Firefox 151 packs big privacy upgrades into a small update
InformationalWhat Will Make AI BOMs Real?
LowThese backyard solar panels saved me $20/mo on my power bill - here's my setup
InformationalCVE Lite CLI: Open-source dependency vulnerability scanner
InformationalDiscord rolls out end-to-end encryption on voice, video calls
InformationalLooking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
LowI used Motorola's version of DeX with my Razr Fold, and it's nearly replaced my laptop
LowMarshall Milton ANC headphones aim to combine portability with performance
InformationalI tested the Surface Pro with 5G, and it's Microsoft's most complete business 2-in-1 yet
Low6 Android Auto apps I wish I found sooner, because they make every drive easier
LowZDNET Big Guessing Game: Official contest rules
InformationalGoogle I/O 2026 live: Biggest updates on Android, Gemini AI, XR, and more we're seeing
LowGoogle overhauls its AI plans - which one should you now choose?
InformationalWebinar: The hidden bottlenecks in network incident response
InformationalDell Technologies Bets on AI Infrastructure
InformationalHosting Service Standards That Define High-Performing Agencies
InformationalIs 2026 the Year AI Bills of Materials Get Real?
Informational5 ways to fortify your network against the new speed of AI attacks
InformationalMicrosoft surprises with its first server Linux distribution: Azure Linux 4.0
InformationalGoogle I/O 2026 live updates: News on Android, Gemini AI, XR, and more we're expecting
LowCybersecurity jobs available right now: May 19, 2026
InformationalAI infrastructure is cracking under sovereignty demands
Low5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
InformationalGSK: The AI-Driven Science Factory
InformationalOpenAI Wins in Court, Jury Says Musk Waited Too Long to File
LowApple’s Siri Revamp May Add Auto-Deleting Chats
InformationalContinuous Detection, Continuous Response: Mate Security Redefines the Modern SOC
Low10 Top OSINT Tools Every Investigator Should Know in 2026
InformationalBoulevard of Broken Dreams: 2 Decades of Cyber Fails
LowBest Buy and Amazon just dropped prices on SSDs ahead of Memorial Day - I found the best deals
LowMicrosoft is finally bringing the movable taskbar to Windows 11 - here's who can try it now
LowSmartBear expands ReadyAPI with AI-powered API testing capabilities
InformationalHow to Reduce Phishing Exposure Before It Turns into Business Disruption
LowMicrosoft testing adjustable taskbar, Start menu in Windows 11
InformationalHow to better protect your growing business in an AI-powered world
Low Microsoft is changing Edge’s plaintext password behavior
InformationalWhy commercial cyber threat intelligence is failing defense operations
InformationalThe Future of the Partnership: AI, Automation, and Ecosystems

Breach (43)

CriticalCISA Security Leak
CriticalGitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
CriticalHuawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
Critical Biometrics, diagnoses, and bank details exposed in major healthcare breach
CriticalCISA Admin Leaked AWS GovCloud Keys on Github
HighHacker Selling 340 Million OnlyFans User Records Built From Old Breaches
HighWeek in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
High7-Eleven - 185,256 breached accounts
HighHackers steal patient and billing data from German hospitals via third-party provider
HighLawmakers Demand Answers as CISA Tries to Contain Data Leak
HighGitHub links repo breach to TanStack npm supply-chain attack
HighGitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
HighUkraine identifies infostealer operator tied to 28,000 stolen accounts
HighWhy Smaller Healthcare Providers Remain Easy Targets
HighGitHub Hacked, Internal Repositories Offered for Sale
HighWindows93 / Myspace93 - 46,105 breached accounts
HighGitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
HighGitHub Confirms Breach, 4K Internal Repos Stolen
HighCISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
HighTeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
HighGitHub confirms breach of 3,800 repos via malicious VSCode extension
HighGrafana breach caused by missed token rotation after TanStack attack
High7-Eleven confirms breach after ShinyHunters claims
HighUkraine probes teen suspect in cyber theft scheme targeting California online shoppers
HighA malicious VS code extension just breached GitHub ‘s internal repositories
HighFBI warns students and staff that ShinyHunters may come knocking after Canvas breach
HighGitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
HighGrafana GitHub Breach Exposes Source Code via TanStack npm Attack
HighMicrosoft Self-Service Password Reset abused in Azure data theft attacks
HighGitHub investigates internal repositories breach claimed by TeamPCP
HighPublic NYC Health System Notifying 1.8M of Hack
HighGrafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
HighCISA Exposes Secrets, Credentials in 'Private' Repo
HighNew Shai-Hulud malware wave compromises 600 npm packages
HighCTT - 468,124 breached accounts
HighPublic Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
HighShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
HighGrafana confirms GitHub token breach cybercrime group claims the attack
HighAddi - 34,532,941 breached accounts
HighAttackers accessed, downloaded code from Grafana Labs’ GitHub
HighGrafana says stolen GitHub token let hackers steal codebase
HighGrafana refuses to pay ransom after codebase theft
MediumDragonica Lunaris - 126,293 breached accounts

Ransomware (3)

CriticalWeekly Update 505
CriticalAdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines
HighThe Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed

ThreatIntel (151)

CriticalMicrosoft shares mitigation for YellowKey Windows zero-day
CriticalEgnyte unveils Email Capture and AI features to unify fragmented data
CriticalSEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
HighSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
HighLaravel Lang packages hijacked to deploy credential-stealing malware
HighWhy pure extortion is replacing traditional ransomware
HighRondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
HighLaravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
HighPackagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
HighGhostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
HighTracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
HighFBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
HighFirst VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
HighAuthorities arrest 23-year-old accused of running the Kimwolf botnet
High5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
HighChina's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
HighCloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
HighMicrosoft 365 users targeted by new phishing threat that bypasses MFA
HighSuspected KimWolf botnet admin arrested over DDoS-for-hire operation
HighKimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
HighMaking Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
HighMegalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
HighGhostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
HighUS and Canada arrest and charge suspected Kimwolf botnet admin
HighNetherlands seizes 800 servers of hosting firm enabling cyberattacks
HighBelarus-linked hackers use fake training certificates to target Ukrainian officials
HighCanadian man arrested, charged for running KimWolf DDos botnet
HighFrom edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
HighOne Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure
HighPaved With Intent: ROADtools and Nation-State Tactics in the Cloud
HighCross-Platform NPM Stealer, (Fri, May 22nd)
HighThe new economics of fraud: Cheaper, faster, more convincing
HighThe art of being ungovernable
HighGlobal law enforcement operation takes First VPN offline
HighEuropol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
HighSEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
HighMicrosoft Disrupts Malware-Signing Service Used by Ransomware Gangs
HighDefenders fall behind, as AI rewrites the rules of a data breach
HighChinese APTs Share Linux Backdoor in Central Asia Telco Attacks
HighAuthorities dismantle First VPN, used by ransomware actors
HighWhen Identity is the Attack Path
HighThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
HighShowboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
HighPolice seize “First VPN” service used in ransomware, data theft attacks
HighChinese hackers target telcos with new Linux, Windows malware
HighInside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
HighApple blocked over $11 billion in App Store fraud in 6 years
HighXi and Putin pledge closer cooperation on AI, cyberspace and satellite systems
HighEurope dismantles VPN service used by cybercriminals to hide ransomware attacks
High Researchers left AI agents alone in a virtual town and watched it all unravel
High TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
HighMicrosoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
HighHackers bypass SonicWall VPN MFA due to incomplete patching
HighMini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
HighSteganography Secrets: Malware Hidden in Plain Sight
HighFake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
HighTracking TamperedChef Clusters via Certificate and Code Reuse
HighMac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
HighMobile phishing is a bigger threat than email now - how to stay protected
HighHow AI can trick you into making fake payments - 5 red flags
HighWebworm APT targets European government organizations with new backdoors
HighTyposquatting Is No Longer a User Problem. It's a Supply Chain Problem
HighAgent AI is Coming. Are You Ready?
HighWebworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
HighMicrosoft Takes Down Malware-Signing Service Behind Ransomware Attacks
HighIdentity Alone Isn't Enough: Why Device Security Has to Share the Load
HighAI Botnets Drive Surge in Financial Sector DDoS Attacks
High Fake malware-signing service Fox Tempest dismantled by Microsoft
HighBanana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks
HighFake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
HighVerizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
HighWhat happens when your identity provider becomes the kill chain
High7 hard truths security pros should know: 2026 DevOps Threats Report
HighWhen your AI assistant has the keys to production
HighCybercrime service disrupted for abusing Microsoft platform to sign malware
HighAndroid Ad Fraud Operation Generates 659M Bid Requests
HighMicrosoft dismantled malware-signing network Fox Tempest
HighStealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
HighMicrosoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
HighGoogle's new Omni AI tool will let you video clone yourself - I'm intrigued (and concerned)
HighPureLogs infostealer is stealing credentials worldwide
HighCompromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
High7-Eleven confirms data breach claimed by the ShinyHunters gang
HighMicrosoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
HighUK regulator to require tech firms to tackle deepfakes, non-consensual intimate images
HighExposing Fox Tempest: A malware-signing service operation
HighThe Newest Space Race Is Cyber
HighFrom PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
HighShai-Hulud worm copycats emerge after source code leak
HighMassive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
HighPoland shifts away from Signal following cyberattacks on officials’ accounts
HighProject Glasswing: what Mythos showed us
HighPublic Instagram posts provide raw material for AI phishing campaigns
HighMini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
HighGitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
HighSHub macOS infostealer variant spoofs Apple security updates
HighINTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
HighMore than 200 arrested in cyber raids aimed at Middle East scam networks
HighHow Storm-2949 turned a compromised identity into a cloud-wide breach
HighReport: Mythos-Like AI Tools Raising Healthcare Cyber Stakes
HighThe Newest Space Race is in Cyber
HighBanned Nvidia AI Chips Keep Reaching China Despite US Crackdown
HighGovernment Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
HighNew Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
HighTeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
HighFuel Tank Breaches Expand Scope of Iran's Cyber Offensive
HighShai-Hulud Worm Clones Spread After Code Release
HighIT threat evolution in Q1 2026. Non-mobile statistics
High201 arrested in INTERPOL disruption of phishing and fraud networks
HighAI is drowning software maintainers in junk security reports
HighPre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
HighFour Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
HighDeveloper Workstations Are Now Part of the Software Supply Chain
High⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
HighINTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
HighLeaked Shai-Hulud malware fuels new npm infostealer campaign
HighClick, Install, Compromised: The New Wave of Zoom-Themed Attacks
HighWeekly Update 504
MediumSmashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
MediumAt Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026
MediumDirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
MediumIT threat evolution in Q1 2026. Mobile statistics
MediumGame over for 74 suspected scammers after Dutch cops plastered their faces on billboards
Medium A week in security (May 11 – May 17)
MediumCan Laws Stop Deepfakes? South Korea Aims to Find Out
InformationalKeepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
InformationalWhy Chargebacks are Just One Piece of the Fraud Puzzle
InformationalISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)
LowSelective HTTP Proxying in Linux, (Thu, May 21st)
Informational1-15 May 2026 Cyber Attacks Timeline
InformationalISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
InformationalAI red teaming agents change how LLMs get tested
InformationalMost dark web activity revolves around a handful of topics
InformationalWhy AI changed the threat model for travel technology
LowI wore Google's Android XR glasses again - and my limit-testing should scare Meta and Apple
InformationalDarwinium updates mobile SDKs to detect remote access scam activity
InformationalInterpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
InformationalISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
InformationalCriminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM
InformationalGoogle's new AI Search box is here - along with agents and 5 more upgrades
LowOpenAI's new image watermarks make it easier to spot AI fakes - here's how
InformationalThe end of unencrypted Discord calls is here
InformationalNew macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
InformationalCanonical ships Ubuntu Core 26 with 15 years of security maintenance
InformationalLaunchDarkly adds real-time controls for AI agents in production
InformationalSelector extends AI-driven observability into multi-cloud environments
InformationalThe New Phishing Click: How OAuth Consent Bypasses MFA
InformationalTrapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
InformationalMicrosoft blames macOS update for undismissible Teams location prompts
InformationalMicrosoft plans to improve Windows 11 driver quality in 2026
InformationalISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)

Vulnerability (84)

CriticalGhost CMS SQL injection flaw exploited in large-scale ClickFix campaign
CriticalU.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
CriticalSecurity Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
CriticalCVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
CriticalLiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
CriticalMicrosoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Critical$20 per zero-day is already the WordPress plugin reality
CriticalCISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
CriticalUbiquiti patches three max severity UniFi OS vulnerabilities
CriticalTrend Micro warns of Apex One zero-day exploited in the wild
CriticalU.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
CriticalCisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
CriticalCisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
CriticalAttackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
CriticalU.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
Critical[webapps] FUXA 1.2.9 - RCE
Critical[webapps] Cockpit 359 - RCE
CriticalmacOS Kernel Memory Corruption Exploit
CriticalABB B&R PCs
CriticalABB B&R Automation Studio
CriticalMicrosoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
CriticalMax severity Cisco Secure Workload flaw gives Site Admin privileges
CriticalPatch Now: Critical Flaw in OT Robot OS Gives Attackers Control
CriticalHow an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
CriticalDrupal critical update to fix bug with high exploitation risk
CriticalCVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
CriticalMax-severity flaw in ChromaDB for AI apps allows server hijacking
CriticalWindows Zero-Day Barrage Continues After Patch Tuesday
CriticalZKTeco CCTV Cameras
CriticalScadaBR
CriticalSiemens RUGGEDCOM APE1808 Devices
CriticalCritical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
CriticalPatched OpenClaw Flaw Let Hackers Hijack AI Agents
CriticalMicrosoft Exchange Zero-Day Under Attack, No Patch Available
CriticalZero-Day Exploit Against Windows BitLocker
CriticalAttackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
CriticalMiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
CriticalIvanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
CriticalExperts warn of active exploitation of critical NGINX flaw CVE-2026-42945
CriticalChaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
HighAnthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
HighDrupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
HighClaude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
HighCISA Adds One Known Exploited Vulnerability to Catalog
HighDeleted Google API keys keep working for up to 23 minutes, researchers warn
HighDrupal: Critical SQL injection flaw now targeted in attacks
HighGoogle API Keys Remain Active After Deletion
HighGoogle accidentally exposed details of unfixed Chromium flaw
HighDeleted Google API Keys Remain Active up to 23 Minutes, Study Finds
High[webapps] solaredge - (CSRF-OOB-Injection)
High[local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
High[webapps] BookStack 25.12.1 - Denial of Service
HighZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
HighZDI-26-319: Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
HighCISA Adds Two Known Exploited Vulnerabilities to Catalog
HighABB B&R Automation Runtime
HighContent Delivery Exploit Opens Websites to Brand Hijacking
HighMicrosoft Warns of Two Actively Exploited Defender Vulnerabilities
HighMicrosoft warns of new Defender zero-days exploited in attacks
High Microsoft Defender vulnerabilities are being exploited in the wild
HighHighly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
HighMicrosoft issues YellowKey mitigation, no patch yet
HighPinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
HighExploit released for new PinTheft Arch Linux root escalation flaw
HighAlleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
HighDirtyDecrypt: PoC Released for yet another Linux flaw
HighMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
HighTP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
HighDrupal is rolling out an emergency security update on May 20. You cannot miss it
HighPwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
HighABB CoreSense HM and CoreSense M10
HighHow OLTs may have exposed entire ISP networks
HighDrupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
HighInside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation
HighHackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products
HighMultiple Vulnerabilities in NGINX Could Allow for Remote Code Execution
High'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
HighExploit available for new DirtyDecrypt Linux root escalation flaw
MediumWireshark 4.6.6 Released, (Sun, May 24th)
MediumHitachi Energy GMS600
MediumABB Terra AC Wallbox
Medium9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
MediumMicrosoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
MediumKieback & Peter DDC Building Controllers

Daily breach, advisory, and vulnerability briefs publish every weekday.

View Live Breach Feed ← All Weekly Digests