May, 2026 - Security Ticks

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

continuous integration, Don't miss, Hot stuff, JetBrains, News, software delivery, vulnerability / SecurityTicks

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) 2026-05-12 at 17:35 By Zeljka Zorz JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413 […]

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) Read More »

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months

BWH Hotels, data breach, Data Breaches, hotel / SecurityTicks

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months 2026-05-12 at 17:34 By Eduard Kovacs Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests. The post BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months appeared first on SecurityWeek. This article is an

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months Read More »

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0, Malware, Malware & Threats / SecurityTicks

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware 2026-05-12 at 17:34 By Kevin Townsend CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware appeared first on SecurityWeek. This article is an

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware Read More »

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform

Canvas, Data Breaches, education, Incident Response, Instructure, ransom payment, ShinyHunters / SecurityTicks

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform 2026-05-12 at 17:34 By Associated Press The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform Read More »

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

data breach, Data Breaches, healthcare, Ransomware, West Pharmaceutical Services / SecurityTicks

West Pharmaceutical Services Hit by Disruptive Ransomware Attack 2026-05-12 at 17:34 By Ionut Arghire The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit by Disruptive Ransomware Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

West Pharmaceutical Services Hit by Disruptive Ransomware Attack Read More »

Apple Patches Dozens of Vulnerabilities in macOS, iOS

apple, iOS, macOS, Mobile & Wireless, patches, Vulnerabilities / SecurityTicks

Apple Patches Dozens of Vulnerabilities in macOS, iOS 2026-05-12 at 17:34 By Eduard Kovacs The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS. The post Apple Patches Dozens of Vulnerabilities in macOS, iOS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Apple Patches Dozens of Vulnerabilities in macOS, iOS Read More »

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

Uncategorized / SecurityTicks

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots 2026-05-12 at 17:34 By Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots Read More »

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

Uncategorized / SecurityTicks

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help 2026-05-12 at 17:34 By Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help Read More »

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Uncategorized / SecurityTicks

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 2026-05-12 at 17:34 By TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages Read More »

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP, Vulnerabilities, vulnerability / SecurityTicks

SAP Patches Critical S/4HANA, Commerce Vulnerabilities 2026-05-12 at 15:18 By Ionut Arghire The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SAP Patches Critical S/4HANA, Commerce Vulnerabilities Read More »

5 Ways To Keep AI In Check

Uncategorized / SecurityTicks

5 Ways To Keep AI In Check 2026-05-12 at 15:02 By Prateek Temkar How to protect productivity without slowing down innovation This article is an excerpt from SECURITY.COM View Original Source

5 Ways To Keep AI In Check Read More »

Citrix moves secure access to a flexible, credit-based consumption model

Citrix, Industry news / SecurityTicks

Citrix moves secure access to a flexible, credit-based consumption model 2026-05-12 at 15:02 By Industry News Citrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-size-fits-all licensing with

Citrix moves secure access to a flexible, credit-based consumption model Read More »

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

CVE, News, open source, software, vulnerability / SecurityTicks

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root 2026-05-12 at 14:18 By Sinisa Markovic Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root Read More »

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

AI, Artificial Intelligence, Curl, debate, Vulnerabilities, vulnerability / SecurityTicks

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means 2026-05-12 at 14:18 By Eduard Kovacs Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means Read More »

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?

AI, Incident Response, security operations, SOC / SecurityTicks

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? 2026-05-12 at 14:18 By Danelle Au Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek. This article is an

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Read More »

Why Agentic AI Is Security’s Next Blind Spot

Uncategorized / SecurityTicks

Why Agentic AI Is Security’s Next Blind Spot 2026-05-12 at 14:18 By Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy:

Why Agentic AI Is Security’s Next Blind Spot Read More »

Škoda confirms unauthorized access to its online shop

car, data breach, Data Protection, News, online shopping, Privacy / SecurityTicks

Škoda confirms unauthorized access to its online shop 2026-05-12 at 13:49 By Anamarija Pogorelec Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the

Škoda confirms unauthorized access to its online shop Read More »

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign

Uncategorized / SecurityTicks

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign 2026-05-12 at 13:20 By Threat Hunter Team Iran-linked threat actor abused signed Fortemedia and SentinelOne binaries for DLL sideloading and exfiltrated data through a public file-transfer service. This article is an excerpt from SECURITY.COM View Original Source

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign Read More »

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Featured, Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP / SecurityTicks

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack 2026-05-12 at 13:20 By Ionut Arghire Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack Read More »

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Uncategorized / SecurityTicks

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 2026-05-12 at 11:54 By TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages Read More »

May 2026