SecurityTicks

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, vulnerability /

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of […]

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Thieves unlock stolen iPhones using cheap tools sold on Telegram

apple, cybercrime, Infoblox, iPhone, News, social engineering, Telegram /

Thieves unlock stolen iPhones using cheap tools sold on Telegram 2026-05-15 at 14:32 By Sinisa Markovic Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal resale, with

Thieves unlock stolen iPhones using cheap tools sold on Telegram Read More »

Rocky Linux launches opt-in security repository for urgent fixes

cybersecurity, Linux, News, operating system /

Rocky Linux launches opt-in security repository for urgent fixes 2026-05-15 at 14:32 By Sinisa Markovic Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentional. The

Rocky Linux launches opt-in security repository for urgent fixes Read More »

American Lending Center Data Breach Affects 123,000 Individuals

ALC, American Lending Center, data breach, Data Breaches, Ransomware /

American Lending Center Data Breach Affects 123,000 Individuals 2026-05-15 at 14:32 By Eduard Kovacs The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Breach Affects 123,000 Individuals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

American Lending Center Data Breach Affects 123,000 Individuals Read More »

OpenAI Hit by TanStack Supply Chain Attack

AI, Artificial Intelligence, certificates, OpenAI, supply chain attack, Supply Chain Security, TanStack /

OpenAI Hit by TanStack Supply Chain Attack 2026-05-15 at 14:32 By Ionut Arghire Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

OpenAI Hit by TanStack Supply Chain Attack Read More »

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

Malware, Malware & Threats, Shai-Hulud, source code, Supply Chain Security, TeamPCP, worm /

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 2026-05-15 at 14:32 By Ionut Arghire The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code Read More »

Keycard helps developers secure autonomous AI agents with scoped access

Industry news, Keycard /

Keycard helps developers secure autonomous AI agents with scoped access 2026-05-15 at 11:02 By Industry News Keycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and

Keycard helps developers secure autonomous AI agents with scoped access Read More »

Chrome 148 Update Patches Critical Vulnerabilities

Chrome, Vulnerabilities, vulnerability /

Chrome 148 Update Patches Critical Vulnerabilities 2026-05-15 at 11:02 By Ionut Arghire The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 148 Update Patches Critical Vulnerabilities Read More »

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

Cisco, exploited, Featured, SD-WAN, UAT-8616, Vulnerabilities, Zero-Day /

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 2026-05-15 at 10:16 By Eduard Kovacs The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek. This article is an

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 Read More »

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Uncategorized /

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email 2026-05-15 at 10:16 By Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Read More »

Deepfake detection is losing ground to generative models

cybersecurity, deepfakes, Don't miss, News, research /

Deepfake detection is losing ground to generative models 2026-05-15 at 09:04 By Sinisa Markovic Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of

Deepfake detection is losing ground to generative models Read More »

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Uncategorized /

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits 2026-05-15 at 09:04 By The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17,

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits Read More »

Zombie linkages are keeping expired domains trusted for years

certificates, DNS, domain information, News, research /

Zombie linkages are keeping expired domains trusted for years 2026-05-15 at 08:24 By Sinisa Markovic Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has changed. Researchers at USC and the University of Twente examined this problem in

Zombie linkages are keeping expired domains trusted for years Read More »

AI-powered bank founded by Peter Thiel protégé wants to replace humans with code — will it work?

Uncategorized /

AI-powered bank founded by Peter Thiel protégé wants to replace humans with code — will it work? 2026-05-15 at 07:37 By Thomas Barrabi Augustus Bank – named after the Roman emperor – revealed earlier this week that it had received conditional approval from the Office of the Comptroller of the Currency. Ferdinand Dabitz is the

AI-powered bank founded by Peter Thiel protégé wants to replace humans with code — will it work? Read More »

Lawyers for Elon Musk, Sam Altman wind down OpenAI trial with testy parting shots

Uncategorized /

Lawyers for Elon Musk, Sam Altman wind down OpenAI trial with testy parting shots 2026-05-15 at 07:37 By Marc Vartabedian Lawyers for the OpenAI co-founders turned rivals Elon Musk and Sam Altman took final digs at their counterparties and reminded jurors of embarrassing anecdotes Thursday during closing statements in the bombshell case over the future

Lawyers for Elon Musk, Sam Altman wind down OpenAI trial with testy parting shots Read More »

The AI oversight paradox: Is the investment worth the cost of watching it?

AI, investment, News, report, security ROI /

The AI oversight paradox: Is the investment worth the cost of watching it? 2026-05-15 at 07:30 By Anamarija Pogorelec Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI

The AI oversight paradox: Is the investment worth the cost of watching it? Read More »

New infosec products of the week: May 15, 2026

Alation, Apricorn, News, Versa Networks /

New infosec products of the week: May 15, 2026 2026-05-15 at 07:00 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk

New infosec products of the week: May 15, 2026 Read More »

‘New opportunities for fraudsters’: Alarming report reveals AI chatbots are doxxing users’ real phone numbers

Uncategorized /

‘New opportunities for fraudsters’: Alarming report reveals AI chatbots are doxxing users’ real phone numbers 2026-05-14 at 23:17 By Marissa Matozzo Your phone number called shotgun on the AI trainwreck — and now strangers won’t stop dialing. This article is an excerpt from Latest Technology News | New York Post View Original Source

‘New opportunities for fraudsters’: Alarming report reveals AI chatbots are doxxing users’ real phone numbers Read More »

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Uncategorized /

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets 2026-05-14 at 21:50 By Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious – [email protected] [email protected] [email protected]

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets Read More »

Scroll to Top