Cyber Security
Microsoft Disrupts Fox Tempest Malware-Signing Service
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
Grafana Breach Traced to TanStack npm Supply Chain Attack
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
node-ipc npm Package Hid Credential Stealer Across Three Versions
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
CoinbaseCartel Steals Grafana Source Code via GitHub Token
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Pwn2Own Berlin 2026 Closes with $1.3M in Zero-Day Prizes
GitHub Actions Supply Chain Attack Hijacks actions-cool Tags
ShinyHunters Claims 600,000-Record 7-Eleven Salesforce Breach
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
18-Year NGINX Flaw CVE-2026-42945 Enables Unauthenticated RCE
FamousSparrow APT Hit Azerbaijani Energy Firm in Three Waves
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
Linux Kernel Fragnesia CVE-2026-46300 Grants Root via Page Cache
YellowKey and GreenPlasma: Unpatched Windows Zero-Days Released
Cybersecurity
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Grafana Labs confirmed CoinbaseCartel stole its source code via a stolen GitHub token; the group has links to ShinyHunters; no customer data was affected.
Cybersecurity
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
A researcher released a working MiniPlasma PoC granting SYSTEM access on fully patched Windows using an unpatched vulnerability first identified in 2020.
Application Security
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
Shai-Hulud malware source code fueled a wave of poisoned npm packages in the @antv ecosystem, including echarts-for-react with 1.1 million weekly downloads.
Cybersecurity
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
INTERPOL Operation Ramz arrested 201 suspects and seized 53 servers across 13 MENA countries in a five-month cybercrime crackdown concluding February 2026.
Application Security
Pwn2Own Berlin 2026 Closes with $1.3M in Zero-Day Prizes
Pwn2Own Berlin 2026 concluded with $1.3 million in prizes, including the first successful exploits of AI agent platforms in the competition's history.
Application Security
GitHub Actions Supply Chain Attack Hijacks actions-cool Tags
Attackers hijacked two actions-cool GitHub Actions workflows via imposter commits, stealing CI/CD credentials from all pipelines that ran them by version tag.
Cybersecurity
ShinyHunters Claims 600,000-Record 7-Eleven Salesforce Breach
ShinyHunters claimed and 7-Eleven confirmed a breach of its Salesforce CRM containing over 600,000 records, with a ransom demand issued to the retail chain.
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Tycoon2FA's latest update adds device-code phishing that hands attackers a valid Microsoft 365 OAuth token without requiring the victim's password or MFA code.
Application Security
18-Year NGINX Flaw CVE-2026-42945 Enables Unauthenticated RCE
Security researcher depthfirst disclosed CVE-2026-42945, an 18-year-old heap overflow in NGINX's rewrite module enabling unauthenticated RCE. CVSS 9.2 critical.
Application Security
FamousSparrow APT Hit Azerbaijani Energy Firm in Three Waves
Bitdefender researchers documented three consecutive FamousSparrow intrusions against an Azerbaijani oil and gas firm between December 2025 and February 2026.
Cybersecurity
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
Iran-linked MuddyWater targeted nine organizations globally in 2026, including a South Korean electronics firm, using legitimate vendor DLLs for sideloading.
CVE Vulnerability Alerts
Linux Kernel Fragnesia CVE-2026-46300 Grants Root via Page Cache
CVE-2026-46300 Fragnesia is a third Linux kernel LPE enabling root access via page cache corruption with no race condition required. Patches available.
Application Security
YellowKey and GreenPlasma: Unpatched Windows Zero-Days Released
Two unpatched Windows zero-days, YellowKey and GreenPlasma, were publicly dropped after researchers expressed dissatisfaction with Microsoft's handling.
Cybersecurity
Foxconn Confirms Nitrogen Ransomware Stole 8TB of Customer IP
Nitrogen ransomware hit Foxconn's North American factories, encrypting systems and stealing 8TB of files containing schematics from Apple, Intel, and Google.
Cybersecurity
OpenLoop Health Breach Exposes 716,000 Patient Records
OpenLoop Health disclosed a January 2026 breach affecting 716,000 patients across two days, with a threat actor claiming the true total exceeds 1.6 million.
Cybersecurity
Alleged Dream Market Admin Speedstepper Arrested in Germany
US prosecutors charged Owe Martin Andresen as alleged Dream Market operator after German police arrested him for laundering over $2M in dark web proceeds.
Application Security
GemStuffer Campaign Abuses 150+ RubyGems as Data Dead Drops
Socket identified GemStuffer, a campaign abusing 150+ RubyGems packages to scrape UK government council portals and publish collected data as gem archives.
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare target flagged in active FBI ...
CVE Vulnerability Alerts
Microsoft May 2026 Patch Tuesday: SharePoint RCE, NTLM Zero-Day
Microsoft's May 2026 Patch Tuesday fixes two actively exploited flaws including a zero-day NTLM hash leak requiring no user interaction to trigger.
Cybersecurity
ICO Fines South Staffordshire Water £963,900 Over Cl0p Breach
The UK ICO fined South Staffordshire Water £963,900 after Cl0p ransomware went undetected inside the utility's systems for 20 months, exposing 633,887 records.
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
Internal data from the Gentlemen ransomware group — including bitcoin wallets and communications from 300+ victim operations — was posted publicly on MediaFire.
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
Sri Lankan police arrested 628 foreign nationals running crypto fraud and pig-butchering scam operations from luxury apartments in Colombo in a coordinated sweep.
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
SAP's May 2026 Security Patch Day fixes CVE-2026-34260, a CVSS 9.6 SQL injection in S/4HANA Enterprise Search that lets authenticated attackers read or delete ERP ...