<?xml version="1.0" encoding="UTF-8" standalone="no"?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:blogger="http://schemas.google.com/blogger/2008" xmlns:gd="http://schemas.google.com/g/2005" xmlns:georss="http://www.georss.org/georss" xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/" xmlns:thr="http://purl.org/syndication/thread/1.0"><id>tag:blogger.com,1999:blog-4802841478634147276</id><updated>2026-05-22T14:20:18.392+05:30</updated><title type="text">The Hacker News</title><subtitle type="html">The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers</subtitle><link href="https://thehackernews.com/feeds/posts/default" rel="http://schemas.google.com/g/2005#feed" type="application/atom+xml"/><link href="https://thehackernews.com/feeds/posts/default?redirect=false" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/" rel="alternate" type="text/html"/><link href="http://pubsubhubbub.appspot.com/" rel="hub"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default?start-index=26&amp;max-results=25&amp;redirect=false" rel="next" type="application/atom+xml"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><generator uri="http://www.blogger.com" version="7.00">Blogger</generator><openSearch:totalResults>16418</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5123861868689911749</id><published>2026-05-22T14:20:18.391+05:30</published><updated>2026-05-22T14:20:18.392+05:30</updated><title type="text">Kimwolf DDoS Botnet Operator Arrested in Canada Over 
DDoS-for-Hire Attacks</title><summary type="html">
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.

In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU.

"Kimwolf </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5123861868689911749" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5123861868689911749" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/kimwolf-ddos-botnet-operator-arrested.html" rel="alternate" title="Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5VYMnsK-UMv3L8TZp1KhZ4PQti0VtUXkbDREtK-R9Hbtj6bdYrPRwwn8VItL49asZcHEMSOFJyfV25Da96CerBXrPRnHZHncrTuo7Mj7dxEkNGNR4jZZs19Y2pep2dl7KZ0IK1CkexVOQhr14e5MIP5oe5vglQ2StuxG6xv2ataqy8jvD9T1fXLToZHc5/s260-e100/ddos-canada.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-7639085923648119461</id><published>2026-05-22T11:17:33.647+05:30</published><updated>2026-05-22T14:00:13.546+05:30</updated><title type="text">CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV</title><summary type="html">
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerabilities in question are listed below -


  CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7639085923648119461" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7639085923648119461" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html" rel="alternate" title="CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi04a_rowIzNPvHHvDTUE34d3bZlOhBeQXtC0UdXyjlf988G4zVE89QKWqSWASKd2LD0T8O2XhkDVgG7UGFIxlpvQWHPx-o_X7vfMK5fH4uSDg3eSUDAaWKtgresEyD9JpINkxtdELWn-qiv6usoLgwSlYNi89xJeVBwYYsCF2y-KKNz0x04KS0PeDPL57J/s260-e100/cisa-kev-flaws.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-741094857437214958</id><published>2026-05-22T11:06:18.309+05:30</published><updated>2026-05-22T11:08:34.019+05:30</updated><title type="text">Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access</title><summary type="html">

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.

Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.

"An attacker could exploit this vulnerability if they are able to send</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/741094857437214958" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/741094857437214958" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/cisco-patches-cvss-100-secure-workload.html" rel="alternate" title="Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLweJvl8B70zomibdr4U6WvYgbmZn4gKKOG9F7xDPXzgeENKK0kg2kgK1yvZDS7AJFkY9De2rG2EQzCLvN1FmjrXXDIm-CkmU88QcexbMkr60gKVKexF-d1qtGHusrr6_j5yrtMv31PSUEygioHJikBsifQ0VHW18IU7lu_oItTzQXugwHPLoO_DYNdnYx/s260-e100/cisco-workload.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4018152168578087720</id><published>2026-05-21T19:47:09.492+05:30</published><updated>2026-05-21T22:05:26.767+05:30</updated><title type="text">Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor</title><summary type="html">
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022.

"Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy," Lumen </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4018152168578087720" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4018152168578087720" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html" rel="alternate" title="Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYTZEcd3s0q7NssZnOYvAFrMtE1fTJQtdNoUDwBZKG1DkQWYL4uY6gExiUwuNcMnZG-J8dM8iTJIm6nD2Bv80qI2xMubYmnGScqUNQfeI6kF49vFkU0wKpi7iaVvbl1MX1zPleKP2iOShCd9u4S-EpLA-cBKf5lNlW7OXLu0NmiUlw35Qr0GzXmpylPcXz/s260-e100/telecom-linux.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4487468289300411007</id><published>2026-05-21T17:22:14.520+05:30</published><updated>2026-05-22T10:59:52.155+05:30</updated><title type="text">ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories</title><summary type="html">

This week starts small.

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.

That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4487468289300411007" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4487468289300411007" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html" rel="alternate" title="ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifIiAs3r9mSWAyNYngQby6QllKy0gx1dGJB4MNtgMjRQLUIkp7-fr851xuTEe6-izLAtNHux1PgdVBiWmEQctN2QM1bzV_CP0bcR7_ReqHg-lXrDa-EqUsZAUgC8da72h6tdbZU6H8nWMzAfZEItMY49Big4dpxtSHr5r7sgm7W01mhA31E274dUfWBHMi/s260-e100/tday.png" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6805036243609108000</id><published>2026-05-21T16:25:57.091+05:30</published><updated>2026-05-22T13:59:49.049+05:30</updated><title type="text">Microsoft Warns of Two Actively Exploited Defender Vulnerabilities</title><summary type="html">
Microsoft has disclosed that a privilege escalation flaw and a denial-of-service flaw in Defender have come under active exploitation in the wild.

The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.

"Improper link resolution before file access ('link following') in Microsoft Defender </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6805036243609108000" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6805036243609108000" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html" rel="alternate" title="Microsoft Warns of Two Actively Exploited Defender Vulnerabilities" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNxp-fCwFOYcXoyRTmhjpwfvFCjfE36YoU8z-7es2XrOajnfSfpttiB9KMfwqCNbwzHQ85kILhlUwo4DeQFWXFq29J8p_oVAIe-gKCCegmTid4YW_22sK6CQO_TwELXa7Z-RZmvDvHx7N3Vg7y-xm78iSGjzCg2AU3FnHo1Hp7v80JJkBruCc05JVvVwnx/s260-e100/windows-defender.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-1323807892386575097</id><published>2026-05-21T16:00:00.000+05:30</published><updated>2026-05-21T16:00:00.114+05:30</updated><title type="text">When Identity is the Attack Path</title><summary type="html">
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1323807892386575097" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1323807892386575097" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/when-identity-is-attack-path.html" rel="alternate" title="When Identity is the Attack Path" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgv9W2lSuCdHjvqeLUN5WtqUOgCwe2FAyP1Y_z4oUr1LgM1MdOE5A83gkzSOfGjIosfdlfB4SuLbeVbydeuParENW4MH2aWYuWqnB-DeOd7gC3RJnp7wFucmuinh9kiMBI99337kQYcBrlIX-WH3u204eu7FTy5b_gpkXC6ZHupWD3P60yFk4-2DUrTuuc/s260-e100/xmxm.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6015047848817303747</id><published>2026-05-21T13:05:53.804+05:30</published><updated>2026-05-21T13:21:09.476+05:30</updated><title type="text">9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros</title><summary type="html">
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.

The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6015047848817303747" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6015047848817303747" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html" rel="alternate" title="9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCjgJwva2lZrAwxHWPZFiphHAhxBdWRyU4gUiAZIStkUP4JU6yej3Z1xVhUtrhaIYVu4IL5KpvOomBDHU_aLtvgHV-R9_41nUSrngG0BGBlCv2pByfkVZNKxmwA3Nf6NR7pi6XgwdUjkwFw27lm_vNR_w2Cr1An46yOM8kfIEphrSCq2aRcaKNNj9D-PiN/s260-e100/linux-exploit.gif" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5826543343082842994</id><published>2026-05-21T09:57:01.180+05:30</published><updated>2026-05-21T11:26:01.698+05:30</updated><title type="text">GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension</title><summary type="html">
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.

The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers' systems was hacked in the</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5826543343082842994" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5826543343082842994" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/github-internal-repositories-breached.html" rel="alternate" title="GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ64wgVqZTQx208NgY0sBvUUQcR5mb-G4ENkfw4PEX9KlJJxEI_uUKQvPG0rReXB4chZ3wXrvNSR1QsrK525DDHkzY9X3nQYduh36qKTyC-k4EfixFeOU7YR1mRIw8ZJL-oYN8k_wwBid2GU8NYJtCqEFLOSzomuu-Xx7yA3Djim0nq79RyoZJs6HGga_H/s260-e100/github-hacked.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-3499693813752194586</id><published>2026-05-21T09:14:11.287+05:30</published><updated>2026-05-22T11:00:46.584+05:30</updated><title type="text">Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks</title><summary type="html">
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure.
The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction API that is </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3499693813752194586" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3499693813752194586" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html" rel="alternate" title="Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyhKX1WKEWbBPd4sElCP9BB26eorxZX1Lo25Mcu-A5bfBUuWT63SQ-Hyycv1YPSlvVeZPfLSEbb8mQnuPvf0KEDm8mYTtCLoYZuMG6A8maidLefE12_3Plum0keZ-mbAS4dGN-x7Oj0NWOmoeqp6_PEK0fqpnZwz8ZFV-NhyFl78WS4Nck76yAbfgWRpK7/s260-e100/drupal-flaw.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-8814639759795125120</id><published>2026-05-20T22:36:54.856+05:30</published><updated>2026-05-21T10:09:18.930+05:30</updated><title type="text">Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development</title><summary type="html">
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents.

RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8814639759795125120" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/8814639759795125120" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html" rel="alternate" title="Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheh8SBZDUM83ug6w9EopUahk6CPc27TOD5qpmZWVC8hDMYM-8wdgTLXt1KHv_66Q061_5gm3crZszZf-UvSWWZKb6Aax7BxJ5gzPEyfQTp9JPEcNUmLZnEBD3YuFHoqCU4stvSdSVON7hFJq4ZYb4Rdq1vyOK0VUURDjUpCcEP9_SN5xkQckqwaFS_-dQz/s260-e100/mss.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4384456451548190916</id><published>2026-05-20T20:06:44.537+05:30</published><updated>2026-05-20T20:06:44.538+05:30</updated><title type="text">Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks</title><summary type="html">


Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.

The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4384456451548190916" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4384456451548190916" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html" rel="alternate" title="Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiypJnCUStqk0SRgnT6bFPLXM9F10uUBgEZgGScKH8lNthkNnD4zP2-CBNIvo2eukKJzGKOs7RFjIq1KmR-pIGFT3pFS1wgz8ySDW7O9OaMkAHXSaZvHSP_Y2JxqGgkdbCLXcn-VZOYwirKa9gU7FqEZXDafHhgxupVx6cuJam1wsnjq3qjz7q36GlvirT/s260-e100/windows-ransomware.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5129427820924447015</id><published>2026-05-20T18:21:43.904+05:30</published><updated>2026-05-21T16:11:39.188+05:30</updated><title type="text">Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API</title><summary type="html">
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&amp;amp;C) communications.

Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5129427820924447015" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5129427820924447015" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html" rel="alternate" title="Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt4cD52DtnzH5FM8ZMrW9KyPrD1ysrJURSmqalrw9f6siP8XxYqClsqV6ofHpM8ir7gBnmmvehj5HB1k0aSHdPmLtKKwtLLvjSi4ELa9eMq12maW7p56a2yBdl7xzdfv6893fvQxLIH0kKGYKnzYM_7-3XysWIGsSNiEYXBjmiWFqe0Pe8uq-TkWlQjjv4/s260-e100/cyberattack-paki.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-7044036917603631904</id><published>2026-05-20T17:28:00.000+05:30</published><updated>2026-05-20T17:32:45.429+05:30</updated><title type="text">Agent AI is Coming. Are You Ready?</title><summary type="html">

New Industry Data Just Released Suggests Not.

On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn't have occurred at a worse time, with enterprises embracing Agent AI with both arms (and unfortunately, as</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7044036917603631904" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/7044036917603631904" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/agent-ai-is-coming-are-you-ready.html" rel="alternate" title="Agent AI is Coming. Are You Ready?" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjYQaF0euKIc86WLed9RLojSVHUNrnpx7_OeZHvmaPtnFPmL3WrhC-DU-7asOtrYx8fBGP-UCdxI1QljVgaT_wYA6uIye4yHpzpk-uSQb934K7NDSPn-jFJR63cEeUZ8SsDevlcvX-O62_-C8HZeVreeg2aB5stt6z9kluLUvIUgXAGVpAMccDc19lrsmK/s260-e100/agentai.gif" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-1654279987672404683</id><published>2026-05-20T17:08:43.932+05:30</published><updated>2026-05-20T21:40:25.704+05:30</updated><title type="text">GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos</title><summary type="html">
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum.

"While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1654279987672404683" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1654279987672404683" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html" rel="alternate" title="GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoDiyeJZY33dxAsa8qElLYXNILLDT4NhloINZiuzcx3La2JvDK_d54kM8qsx_obt8vQ3FpTJr2ZVoMYiEcqHN0sbt-1A_MHlS7mSavlbDiEDg42HN1d4wCffs7ytuZhDvmMjuej5oljVIqIuRezyZCLmafRclN3wNBKcboV-19F0VMMBkVsQZckV5UaiiH/s260-e100/github.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-1891892962577771224</id><published>2026-05-20T16:00:00.000+05:30</published><updated>2026-05-20T16:00:00.107+05:30</updated><title type="text">Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem</title><summary type="html">

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires.


TL;DR


  Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts. </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1891892962577771224" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/1891892962577771224" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/typosquatting-is-no-longer-user-problem.html" rel="alternate" title="Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLWPxY_gRwc5keQNREyoTXSadlwpCLyUdAq4v1fQA5_lA2tJ0Ia6xOk-FaLuNHwJjV_xaF7M0xzPvqHk4e7aym6R7J2aaGCGm7Bnv8OXh7GScZ-G7ic5pdEgK-0E0_y_yLz16V2A2GL5uTmU7tRPUyoDl5LfzTzQnuMlI1QV7SEhRC9Cli7zci_no9pyk/s260-e100/ref.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-2475570232070529325</id><published>2026-05-20T13:58:26.969+05:30</published><updated>2026-05-20T18:07:34.567+05:30</updated><title type="text">Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit</title><summary type="html">
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.

The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" the </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2475570232070529325" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2475570232070529325" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html" rel="alternate" title="Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8DmW5nAG63-9iR2RmnP7i3GVJ9EBtLznscnnjROZ-DWRALYo0zsPNjUm2J6khkqSDJiX5Gmwb8sxPh4jHRcsJWFhKSdxZzz4D2f5bOahbfcnmQrUdvhyphenhyphenNVrE-LFMUhhf6rvSyxG2CoVhEFxbZSpEc0y52PM-qxwn02cDP3K3hEzf1nqcRNZEG1wOTjAiQ/s260-e100/bitlocker-exploit.png" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6267203836821006714</id><published>2026-05-20T10:42:06.035+05:30</published><updated>2026-05-20T10:43:01.113+05:30</updated><title type="text">Grafana GitHub Breach Exposes Source Code via TanStack npm Attack</title><summary type="html">
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.

"After the initial assessment, we found that in addition to source</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6267203836821006714" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6267203836821006714" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html" rel="alternate" title="Grafana GitHub Breach Exposes Source Code via TanStack npm Attack" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1N3gjAFZQ-1hptUuKwQmHMjlZwIMDn6H6mKc9UuDELAKWl_3Kow6EcD72IkWpBf8ZB2Db8wrZW86zVxKaEgQZ7_sVrWoDokD1LoLPUqhhCw2lLDl9ODqq2ZkfBrK6SUTrbROBuFNXN16HPtMWtS9EMIFsO3yQsISWCK0JrlwiUWineb9sxIq-un41smHG/s260-e100/grafana-breach.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-2839794315829641803</id><published>2026-05-19T22:08:12.340+05:30</published><updated>2026-05-19T22:08:12.341+05:30</updated><title type="text">Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps</title><summary type="html">
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users.

The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud.

"Users </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2839794315829641803" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/2839794315829641803" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/trapdoor-android-ad-fraud-scheme-hit.html" rel="alternate" title="Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4-ldAXS8Yw3BhdSS9xeJFNzwDm-mrNDxHr28zcknAKH8knTU_WleHEhmJ-vgNokgVbm9y8vRH18v9Oxz6F7twmnBoJfIQ2fVeuhEErRAF31F9MES02sZMhYG-i7F9Ty-C-yD64U4cmgq3CD7nuEnD9OZpxWCTKAPCXfIDKycUeZEfJIBBagPPW72JgWZO/s260-e100/android-ad-fraud.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-4494841495613125218</id><published>2026-05-19T20:26:26.492+05:30</published><updated>2026-05-20T09:40:17.300+05:30</updated><title type="text">DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability</title><summary type="html">
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE).
Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4494841495613125218" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/4494841495613125218" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html" rel="alternate" title="DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgecVdZ_vIxfMWdiQkn7dC_SCueSRLBHaU01aHrtW1lUsx3_5gwbM6fG5NyV-VUhnDxvolk_tzMNWgINg06cwjKL1xIeDIFMiFH56IUO_zwZwJqiLnMp-VJcIWFjhulk1AHnlZ_ETgH3vg6Q6SHS4Ae-teRmaLDY4XZhONjoz4MeKvQLyzJ_YdckL8lk3fe/s260-e100/linux-poc.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-3715825082895875652</id><published>2026-05-19T17:00:00.000+05:30</published><updated>2026-05-19T17:00:00.130+05:30</updated><title type="text">The New Phishing Click: How OAuth Consent Bypasses MFA</title><summary type="html">
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.

The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3715825082895875652" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/3715825082895875652" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html" rel="alternate" title="The New Phishing Click: How OAuth Consent Bypasses MFA" type="text/html"/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLnnvBvl0Gs5pfpUcrlJ_Ni62CyGs5UpoGCmpUAjReyBpExj5FzhuxSwuUcfQiyxDqeeoy6jSAHq4tA2KUnO5CRfbpfd_jN1ndeXgC0MiG0TrAfAyW67eybZeHMY-t6_kICQdPPKqK-1n9Ngkrj7UJrZZa1KQWqN9WjaTaDuHA_t6RW9Stul6tb82OS_4/s260-e100/reco1.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-9067296067929898194</id><published>2026-05-19T16:14:45.020+05:30</published><updated>2026-05-20T20:10:58.531+05:30</updated><title type="text">Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare</title><summary type="html">
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC.

"The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the maintainers of the PHP-based content management system (CMS) said.

"Not all configurations are </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/9067296067929898194" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/9067296067929898194" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html" rel="alternate" title="Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdm6ntsTvJJXoF1Bvx2Qm11faosxt-w7g0VzPCnsORnDN-q79t1wnbzqTFxbkRw5DF1DjhdDUgZ1H_0O4h35tZcEvlsM7dEUkbPyvaQdkEhhyGhpF90Bug4O1aai-0dXi1DdnnOpH2SmC8GoQD0TAd742-StQ4Pva_IVXNUcRpy9V96B7dwBnOc41xScyj/s260-e100/drupal-update.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6227042359223251877</id><published>2026-05-19T14:53:15.145+05:30</published><updated>2026-05-19T14:53:15.145+05:30</updated><title type="text">SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access</title><summary type="html">
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
"These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network," </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6227042359223251877" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6227042359223251877" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html" rel="alternate" title="SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiortK4EUp9FwJsfVYW-j20LfpbM5qMNelk5-T8BbZ7dEcmBLXnqhWW9loE8GD6aexZv3h-xHEgn_N7ECjV8KXdcGwNxsbhCPP07COzt9c8BhMaVTF4OaSnKD2b98mJjsU1d57OXj2FQtOhKyeo6oPcT0-rrOi-_dKf1iielQQnhsprZ43tHyYFbiYhgFK8/s260-e100/email-hacking.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-6762225883947791762</id><published>2026-05-19T13:19:23.209+05:30</published><updated>2026-05-21T11:25:11.181+05:30</updated><title type="text">Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer</title><summary type="html">
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace.

The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. The Open </summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6762225883947791762" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/6762225883947791762" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/compromised-nx-console-18950-targeted.html" rel="alternate" title="Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi61imbY3-QbM_mT_6WAxBXaFeZ3eXwprN147ox_bMvVqh9NrS69IwqwwL4qu2z1eRA8NfrWwyJi9bIDuREGEVZ-LdBMCGTSxdul92ZApPGrzwqOcr3b6YBKC19N97sk75izvamQxOqBzokKhF-__uaEuw74ZbKQLxKxMQWgRXSCR3FE6ULeHGxbiIhuEso/s260-e100/nconsole.jpg" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-4802841478634147276.post-5832698164227831590</id><published>2026-05-19T10:58:06.853+05:30</published><updated>2026-05-19T14:42:32.580+05:30</updated><title type="text">Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials</title><summary type="html">
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.

"Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,</summary><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5832698164227831590" rel="edit" type="application/atom+xml"/><link href="http://www.blogger.com/feeds/4802841478634147276/posts/default/5832698164227831590" rel="self" type="application/atom+xml"/><link href="https://thehackernews.com/2026/05/github-actions-supply-chain-attack.html" rel="alternate" title="Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials" type="text/html"/><author><name>Ravie Lakshmanan</name><uri>http://www.blogger.com/profile/09767675513435997467</uri><email>noreply@blogger.com</email><gd:image height="16" rel="http://schemas.google.com/g/2005#thumbnail" src="https://img1.blogblog.com/img/b16-rounded.gif" width="16"/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" height="72" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc7jpVO6HhBuEBTjkwmNjYhKlFmhhmytOqNZHYuGP-dNWrf3AoyE68yoKj77elddOX4Ps2x9jSuwhi5sE-QjK_oEjLXgQW9e6EHx6W0G7qTqYTM3fZh1AQTyrgm2o-PFBeD9ryHnC6fDmK5MYKUzBjU_pJibTilnm1d99WSQkJux6PXXRydkYW5d15Ada-/s260-e100/step.jpg" width="72"/></entry></feed>