NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
May 21, 2026
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from
News
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
Poland abandoned Signal after Russian APTs compromised officials' accounts via fake support calls and malicious QR codes that bypassed its encryption.
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
Webworm, a China-aligned APT, deployed EchoCreep and GraphWorm backdoors that abuse Discord and Microsoft OneDrive as C2 channels against government targets.
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
V12 security team released a working PinTheft exploit for an Arch Linux kernel double-free, enabling local root escalation on unpatched systems with RDS loaded.
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
A null-byte sandbox bypass in Claude Code allowed credential exfiltration via prompt injection, present from October 2025 until Anthropic's silent March patch.
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
A zero-day in Huawei routers crashed Luxembourg's national telecom in July 2025 for three hours, cutting emergency services, with no CVE and no confirmed patch.
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
CVE-2026-3102 in ExifTool's SetMacOSTags lets a crafted image execute shell commands on macOS; the flaw is patched in ExifTool 13.50 after Kaspersky disclosure.
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
A Go module typosquatting shopspring/decimal deployed a DNS-based backdoor polling for OS commands every five minutes, targeting financial app developers.
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
CVE-2026-46376 in FreePBX hardcodes setup credentials in the User Control Panel, letting unauthenticated attackers access phone systems and commit toll fraud.
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
May 21, 2026
Poland abandoned Signal after Russian APTs compromised officials’ accounts via fake support calls and malicious QR codes that bypassed its
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
May 21, 2026
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
May 21, 2026
Webworm, a China-aligned APT, deployed EchoCreep and GraphWorm backdoors that abuse Discord and Microsoft OneDrive as C2 channels against government
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
May 21, 2026
V12 security team released a working PinTheft exploit for an Arch Linux kernel double-free, enabling local root escalation on unpatched
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
May 21, 2026
A null-byte sandbox bypass in Claude Code allowed credential exfiltration via prompt injection, present from October 2025 until Anthropic’s silent
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
May 21, 2026
A zero-day in Huawei routers crashed Luxembourg’s national telecom in July 2025 for three hours, cutting emergency services, with no
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
May 21, 2026
CVE-2026-3102 in ExifTool’s SetMacOSTags lets a crafted image execute shell commands on macOS; the flaw is patched in ExifTool 13.50
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
May 21, 2026
A Go module typosquatting shopspring/decimal deployed a DNS-based backdoor polling for OS commands every five minutes, targeting financial app developers.
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
May 21, 2026
CVE-2026-46376 in FreePBX hardcodes setup credentials in the User Control Panel, letting unauthenticated attackers access phone systems and commit toll
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.