Privacy/Governance Feed
The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin – Read More –
Attack Feeds
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and … Read More “CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security” »
Gov/ISAC Feeds
Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending … Read More “Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Attack Feeds
Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports. But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI … Read More “AI might cut false positives, but it won’t stop the slop – CyberScoop” »
Attack Feeds
Interpol coordinated an expansive investigation with 13 countries in the Middle East and North Africa to disrupt and take down cybercrime operations, including phishing services and tools, malware and scams. The law enforcement effort netted 201 arrests, led to the seizure of 53 servers and disrupted multiple cybercrime services, Interpol said Monday. Operation Ramz, which … Read More “Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa – CyberScoop” »
Attack Feeds
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, aiming to investigate and neutralize malicious infrastructure, arrest perpetrators behind … Read More “INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests – The Hacker News” »
Attack Feeds
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked … Read More “⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More – The Hacker News” »
Attack Feeds
Performance reviews inside cybersecurity teams carry unusually high stakes. Security analysts, incident responders, IT administrators, and compliance staff… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection … Read More “How to Reduce Phishing Exposure Before It Turns into Business Disruption – The Hacker News” »
Privacy/Governance Feed
New for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyers – Read More –
Privacy/Governance Feed
Over 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North Africa – Read More –
Attack Feeds
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
New York, USA, 18th May 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of … Read More “Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws – The Hacker News” »
Attack Feeds
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud … Read More “Developer Workstations Are Now Part of the Software Supply Chain – The Hacker News” »
Attack Feeds
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below – chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) “One of the packages (chalk-tempalte) – Read More – The Hacker … Read More “Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware – The Hacker News” »
Privacy/Governance Feed
The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks – Read More –
Attack Feeds
Earlier this month, ShinyHunters breached Instructure’s Canvas platform twice within a single week — stealing 3.65 terabytes of data from approximately 275 million users across more than 8,000 institutions. The group defaced login pages at hundreds of schools during final exam periods, forced Canvas offline, and extracted a ransom payment before Congress opened a formal … Read More “The Canvas breach proved that prevention is no longer enough – CyberScoop” »
Privacy/Governance Feed
Quantum computing is no longer a theoretical field of research or the domain of research labs and academia, but… The post Post-Quantum Cryptography: A Practical Roadmap for Indian Enterprises appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Attack Feeds
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver, – Read More … Read More “MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems – The Hacker News” »
Attack Feeds
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. “Fast16’s hook engine is selectively interested … Read More “Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations – The Hacker News” »
Privacy/Governance Feed
The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience – Read More –
Attack Feeds
Sean Plankey, most recently the nominee for director of the Cybersecurity and Infrastructure Security Agency, is joining defense technology company UFORCE as its U.S. chief executive officer. The London-based company created out of nine Ukrainian-based firms announced Plankey’s move Monday less than a month after he withdrew his nomination amid difficulties overcoming objections from senators … Read More “Former CISA nominee Sean Plankey named US CEO of defense startup – CyberScoop” »
Attack Feeds
Digital assets are reshaping global finance as institutions adopt regulated crypto infrastructure, stablecoins, and tokenized assets. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-3 iPadOS 17.7.11 iPadOS 17.7.11 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127112. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available for: iPad Pro 12.9-inch 2nd generation, … Read More “APPLE-SA-05-11-2026-3 iPadOS 17.7.11 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16 iOS 16.7.16 and iPadOS 16.7.16 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127113. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available … Read More “APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8 iOS 15.8.8 and iPadOS 15.8.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127114. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available … Read More “APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-6 macOS Tahoe 26.5 macOS Tahoe 26.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127115. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accelerate Available for: macOS Tahoe Impact: An … Read More “APPLE-SA-05-11-2026-6 macOS Tahoe 26.5 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7 macOS Sequoia 15.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127116. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. APFS Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7 macOS Sonoma 14.8.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127117. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. APFS Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-9 tvOS 26.5 tvOS 26.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127118. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accelerate Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-05-11-2026-9 tvOS 26.5 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-10 watchOS 26.5 watchOS 26.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127119. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accelerate Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-05-11-2026-10 watchOS 26.5 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-11-2026-11 visionOS 26.5 visionOS 26.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127120. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accelerate Available for: Apple Vision Pro (all models) Impact: … Read More “APPLE-SA-05-11-2026-11 visionOS 26.5 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on May 17 APPLE-SA-05-13-2026-1 Safari 26.5 Safari 26.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127121. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-05-13-2026-1 Safari 26.5 – Full Disclosure” »
Attack Feeds
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the … Read More “NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE – The Hacker News” »
Attack Feeds
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana … Read More “Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt – The Hacker News” »
Attack Feeds
Businesses are advised against paying – but many are prepared to deal to protect users’ privacy After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure – which operates the education platform Canvas, used by education … Read More “Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data? – Data and computer security | The Guardian” »
Attack Feeds
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. … Read More “Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming – The Hacker News” »
Attack Feeds
Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. . – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Welcome to the third and final day of Pwn2Own Berlin 2026! Over the past two days, some amazing research has been put on display, and today looks just as intense. So far, we have awarded $908,750 for 39 unique zero days. With SharePoint and ESXi as targets today, the chances are excellent for crossing the … Read More “Pwn2Own Berlin 2026: Day Three Results and Master of Pwn – Zero Day Initiative – Blog” »
Attack Feeds
Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced last year to serve nine years in state prison for carrying out one of the most serious election-related data breaches in U.S. history. Peters was arrested in 2021, accused of abusing her position as … Read More “Colorado governor commutes prison sentence for election denier Tina Peters – CyberScoop” »
Attack Feeds
AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Gov/ISAC Feeds
A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allow for arbitrary JavaScript to be executed in the browser context. The malicious code would run with the … Read More “A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Attack Feeds
The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute … Read More “Here’s how the FTC plans to enforce the Take It Down Act – CyberScoop” »