Cyber Security
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee
May 21, 2026
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.
Cybersecurity
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
Andrew Doyle
May 21, 2026
Poland abandoned Signal after Russian APTs compromised officials' accounts via fake support calls and malicious QR codes that bypassed its encryption.
Cybersecurity
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Gabby Lee
May 21, 2026
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
Cybersecurity
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
Gabby Lee
May 21, 2026
Webworm, a China-aligned APT, deployed EchoCreep and GraphWorm backdoors that abuse Discord and Microsoft OneDrive as C2 channels against government targets.
Cybersecurity
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Gabby Lee
May 21, 2026
V12 security team released a working PinTheft exploit for an Arch Linux kernel double-free, enabling local root escalation on unpatched systems with RDS loaded.
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee
May 21, 2026
A null-byte sandbox bypass in Claude Code allowed credential exfiltration via prompt injection, present from October 2025 until Anthropic's silent March patch.
Cybersecurity
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
Gabby Lee
May 21, 2026
A zero-day in Huawei routers crashed Luxembourg's national telecom in July 2025 for three hours, cutting emergency services, with no CVE and no confirmed patch.
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle
May 21, 2026
CVE-2026-3102 in ExifTool's SetMacOSTags lets a crafted image execute shell commands on macOS; the flaw is patched in ExifTool 13.50 after Kaspersky disclosure.
Application Security
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
Mitchell Langley
May 21, 2026
A Go module typosquatting shopspring/decimal deployed a DNS-based backdoor polling for OS commands every five minutes, targeting financial app developers.
Application Security
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Mitchell Langley
May 21, 2026
CVE-2026-46376 in FreePBX hardcodes setup credentials in the User Control Panel, letting unauthenticated attackers access phone systems and commit toll fraud.
Cybersecurity
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
Gabby Lee
May 21, 2026
A three-vulnerability chain in Pardus Linux's pardus-update package lets any local user gain root on Turkish government systems; no patch is available yet.
CVE Vulnerability Alerts
CVE-2026-46333: Linux Kernel Flaw Grants Root via ssh-keysign
Gabby Lee
May 21, 2026
Qualys disclosed CVE-2026-46333, a nine-year-old Linux privilege escalation flaw that gives local users a reliable path to root on Debian, Fedora, and Ubuntu.
CVE Vulnerability Alerts
CISA Adds Two Exploited Microsoft Defender Zero-Days to KEV
Andrew Doyle
May 21, 2026
Microsoft Defender is actively being exploited via two zero-days, CVE-2026-41091 and CVE-2026-45498, which CISA added to its KEV catalog on May 20, 2026.
Cybersecurity
Ukraine IDs 18-Year-Old Who Stole 28,000 Accounts, $721K
Gabby Lee
May 21, 2026
Ukrainian cyberpolice and U.S. law enforcement identified an 18-year-old from Odesa behind 28,000 stolen accounts and $721,000 in fraudulent purchases.
CVE Vulnerability Alerts
SonicWall Gen6 MFA Bypass CVE-2024-12802 Left Open by Incomplete Patch
Mitchell Langley
May 21, 2026
SonicWall's patch for CVE-2024-12802 needed a manual LDAP reconfiguration most admins skipped, leaving Gen6 VPN open to MFA bypass and ransomware access.
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Mitchell Langley
May 20, 2026
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the stolen source code.
CVE Vulnerability Alerts
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
Mitchell Langley
May 20, 2026
Microsoft disclosed CVE-2026-45585, a Windows zero-day that allows attackers with physical access to bypass BitLocker encryption without the decryption key.
Application Security
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
Andrew Doyle
May 20, 2026
CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances run a vulnerable version.
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle
May 20, 2026
Microsoft seized Fox Tempest's signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Gabby Lee
May 20, 2026
B1ack's Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its terms.
Cybersecurity
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
Gabby Lee
May 19, 2026
Cyber Security News
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
May 20, 2026
HUMAN's Satori team disclosed Trapdoor, 455 malicious Android apps generating 659 million fake ad bids daily, with more than 24 million total downloads.
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
May 20, 2026
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
May 20, 2026
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault secrets and M365 data.