AttackFeed by Joe Wagner

On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems … Read More “Meet Rampart and Clarity, Microsoft’s new red team combo AI agents  – CyberScoop” »

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI … Read More “Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development  – The Hacker News” »

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the … Read More “Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks  – The Hacker News” »

GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the … Read More “GitHub says internal repositories were impacted in poisoned VS Code extension attack  – CyberScoop” »

Before indicators, before oscillators, before anything that requires a formula – the market communicates through price structure. Peaks…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent … Read More “Agent AI is Coming. Are You Ready?  – The Hacker News” »

Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies  – … Read More “Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API  – The Hacker News” »

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR  Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate … Read More “Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem  – The Hacker News” »

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred … Read More “Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit  – The Hacker News” »

Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment, … Read More “Grafana GitHub Breach Exposes Source Code via TanStack npm Attack  – The Hacker News” »

GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ … Read More “GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories  – The Hacker News” »

Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential … Read More “CISA credential leak raises alarms, and Capitol Hill demands answers  – CyberScoop” »

AI agent security starts with a simple fact: the more authority an agent has, the tighter its access…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Attackers couldn’t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday. The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects … Read More “Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches  – CyberScoop” »

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. “Users  – Read More  – … Read More “Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps  – The Hacker News” »

Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Why do maintenance teams struggle? Is it because they lack skills? Or do they need more advanced resources?…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Torrance, United States / California, 19th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves. Researchers analyzing the payload found a worm that spreads … Read More “Mini Shai-Hulud returns, compromising hundreds of npm packages  – CyberScoop” »

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that … Read More “DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability  – The Hacker News” »

Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software appear trusted and legitimate for follow-on cyberattacks, including ransomware, the company said Tuesday. The financially-motivated threat group, which Microsoft tracks as Fox Tempest, provided the malware-signing-as-a-service to multiple ransomware groups, … Read More “Microsoft disrupts cybercrime service that abused software verification systems en masse  – CyberScoop” »

New York, United States, 19th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC. “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the … Read More “Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare  – The Hacker News” »

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had … Read More “The New Phishing Click: How OAuth Consent Bypasses MFA  – The Hacker News” »

Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

There’s a quiet pattern among the agencies that consistently outperform their competitors. Their client retention rates are higher.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. “These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the … Read More “SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access  – The Hacker News” »

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. “These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the … Read More “SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access  – The Hacker News” »

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 … Read More “Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer  – The Hacker News” »