Cyber Security
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Mitchell Langley
May 20, 2026
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the stolen source code.
CVE Vulnerability Alerts
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
Mitchell Langley
May 20, 2026
Microsoft disclosed CVE-2026-45585, a Windows zero-day that allows attackers with physical access to bypass BitLocker encryption without the decryption key.
Application Security
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
Andrew Doyle
May 20, 2026
CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances run a vulnerable version.
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle
May 20, 2026
Microsoft seized Fox Tempest's signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Gabby Lee
May 20, 2026
B1ack's Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its terms.
Cybersecurity
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Mitchell Langley
May 20, 2026
HUMAN's Satori team disclosed Trapdoor, 455 malicious Android apps generating 659 million fake ad bids daily, with more than 24 million total downloads.
Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Andrew Doyle
May 20, 2026
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.
Cybersecurity
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Gabby Lee
May 20, 2026
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault secrets and M365 data.
Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Andrew Doyle
May 20, 2026
Drupal warned a highly critical vulnerability in versions 11.3.x through 10.5.x could be exploited within hours of its May 20, 2026 patch release date.
CVE Vulnerability Alerts
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
Mitchell Langley
May 20, 2026
Seven vulnerabilities in SEPPMail Secure E-Mail Gateway, including a CVSS 10.0 pre-auth RCE, could let attackers intercept all protected mail traffic.
Cybersecurity
Grafana Breach Traced to TanStack npm Supply Chain Attack
Mitchell Langley
May 20, 2026
Grafana revealed the source code breach that exposed its GitHub repositories originated from a TanStack npm package poisoned by the TeamPCP threat actor.
CVE Vulnerability Alerts
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
Andrew Doyle
May 19, 2026
Cisco confirmed active exploitation of CVE-2026-20182, a CVSS 10.0 authentication bypass in SD-WAN, as CISA gave federal agencies three days to patch.
Application Security
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
Gabby Lee
May 19, 2026
Microsoft confirmed active exploitation of CVE-2026-42897, an XSS flaw in on-premises Exchange Server triggered when victims open malicious emails in OWA.
Cybersecurity
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
Mitchell Langley
May 19, 2026
ESET documented a Ghostwriter spear-phishing campaign using geofenced PDFs to deliver Cobalt Strike against Ukrainian and Polish government targets since March 2026.
Application Security
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
Andrew Doyle
May 19, 2026
OpenAI confirmed two employee devices were compromised through a supply chain attack, exposing code-signing certificates for macOS, Windows, iOS, and Android apps.
Cybersecurity
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
Gabby Lee
May 19, 2026
ReliaQuest found KongTuke impersonating IT help desk staff via Microsoft Teams to trick employees into running PowerShell, deploying ModeloRAT and selling access to ransomware groups.
Application Security
node-ipc npm Package Hid Credential Stealer Across Three Versions
Mitchell Langley
May 19, 2026
Socket and StepSecurity found stealer backdoors in three node-ipc npm versions targeting 90 cloud and developer credential categories via an unknown new publisher account.
Application Security
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
Gabby Lee
May 19, 2026
Attackers began exploiting a missing-authentication flaw in PraisonAI's Flask API server 3 hours and 44 minutes after the CVE-2026-44338 advisory was published on May 11.
Application Security
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
Gabby Lee
May 19, 2026
Wordfence blocked over 7,400 attacks against CVE-2026-8181 in the Burst Statistics WordPress plugin within 24 hours of disclosure, with 115,000 sites still unpatched.
Application Security
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
Mitchell Langley
May 19, 2026
VulnCheck confirmed in-the-wild exploitation of NGINX CVE-2026-42945, a critical heap overflow, within days of F5's patch; 5.7 million servers are exposed.
This Week’s Security Spotlight
Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Andrew Doyle
May 20, 2026
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Andrew Doyle
May 19, 2026
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Mitchell Langley
May 13, 2026
Cyber Security News
CoinbaseCartel Steals Grafana Source Code via GitHub Token
May 19, 2026
Grafana Labs confirmed CoinbaseCartel stole its source code via a stolen GitHub token; the group has links to ShinyHunters; no customer data was affected.
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
May 19, 2026
A researcher released a working MiniPlasma PoC granting SYSTEM access on fully patched Windows using an unpatched vulnerability first identified in 2020.
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
May 19, 2026
Shai-Hulud malware source code fueled a wave of poisoned npm packages in the @antv ecosystem, including echarts-for-react with 1.1 million weekly downloads.