May 2026

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

2026-05-18 at 16:32, by Zeljka Zorz

A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote […]

Security Isn’t a Commodity. Neither Is Off-Duty Law Enforcement

2026-05-18 at 16:25

During periods of economic pressure, leadership teams inevitably begin asking the same question: “Where can we cut security spend without increasing risk?” (Source: Security Magazine)

Millions Impacted Across Several US Healthcare Data Breaches

2026-05-18 at 16:25, by Eduard Kovacs

Several healthcare data breaches impacting hundreds of thousands and even millions were added to the HHS tracker. (Source: SecurityWeek)

SmartBear expands ReadyAPI with AI-powered API testing capabilities

2026-05-18 at 15:49, by Industry News

SmartBear has announced ReadyAPI’s new AI test generation capability that accelerates API testing by up to 80% while giving teams control to enable or disable AI. While competitors focus on speed alone, ReadyAPI’s AI test generation capability is architected for quality

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

2026-05-18 at 15:48, by Ionut Arghire

Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. (Source: SecurityWeek)

7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

2026-05-18 at 15:10, by Eduard Kovacs

The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data. (Source: SecurityWeek)

Developer Workstations Are Now Part of the Software Supply Chain

2026-05-18 at 15:10

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

2026-05-18 at 15:10

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

2026-05-18 at 13:58, by Ionut Arghire

The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. (Source: SecurityWeek)

TikTok was set to pay $1B in 2024 over kids privacy breaches – years before DOJ’s sweetheart $400M deal: sources

2026-05-18 at 13:34, by Thomas Barrabi

TikTok is nearing a $400 million truce with President Trump’s Justice Department over child data privacy breaches – a sweetheart deal as the social-media app was willing to pay

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

2026-05-18 at 13:34

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

2026-05-18 at 13:34

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below – chalk-tempalte (825 Downloads), @deadcode09284814/axios-util (284 Downloads), axois-utils (963

Attackers accessed, downloaded code from Grafana Labs’ GitHub

2026-05-18 at 12:57, by Zeljka Zorz

A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps teams

201 arrested in INTERPOL disruption of phishing and fraud networks

2026-05-18 at 12:08, by Anamarija Pogorelec

Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals

Grafana Confirms Breach After Hackers Claim They Stole Data

2026-05-18 at 12:08, by Eduard Kovacs

Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$. (Source: SecurityWeek)

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

2026-05-18 at 12:08

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

2026-05-18 at 12:08

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability
