Hot stuff

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise 2026-05-21 at 16:56 By Zeljka Zorz GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of […]

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise Read More »

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) 2026-05-21 at 14:22 By Zeljka Zorz Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Read More »

Why AI changed the threat model for travel technology

Why AI changed the threat model for travel technology 2026-05-21 at 09:16 By Mirko Zorz In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s

Why AI changed the threat model for travel technology Read More »

AI red teaming agents change how LLMs get tested

AI red teaming agents change how LLMs get tested 2026-05-21 at 08:00 By Mirko Zorz Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source

AI red teaming agents change how LLMs get tested Read More »

Webworm APT targets European government organizations with new backdoors

Webworm APT targets European government organizations with new backdoors 2026-05-20 at 17:48 By Anamarija Pogorelec ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations

Webworm APT targets European government organizations with new backdoors Read More »

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension 2026-05-20 at 13:47 By Zeljka Zorz Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

Communicating cyber risk in dollars boards understand

Communicating cyber risk in dollars boards understand 2026-05-20 at 09:34 By Mirko Zorz In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and

Communicating cyber risk in dollars boards understand Read More »

PureLogs infostealer is stealing credentials worldwide

PureLogs infostealer is stealing credentials worldwide 2026-05-19 at 16:58 By Zeljka Zorz A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure

PureLogs infostealer is stealing credentials worldwide Read More »

Earbud sensors can authenticate users by their heartbeat, study finds

Earbud sensors can authenticate users by their heartbeat, study finds 2026-05-19 at 09:17 By Mirko Zorz Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so

Earbud sensors can authenticate users by their heartbeat, study finds Read More »

AI is drowning software maintainers in junk security reports

AI is drowning software maintainers in junk security reports 2026-05-18 at 21:32 By Zeljka Zorz AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s

AI is drowning software maintainers in junk security reports Read More »

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) 2026-05-18 at 16:32 By Zeljka Zorz A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) Read More »

Attackers accessed, downloaded code from Grafana Labs’ GitHub

Attackers accessed, downloaded code from Grafana Labs’ GitHub 2026-05-18 at 12:57 By Zeljka Zorz A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps teams

Attackers accessed, downloaded code from Grafana Labs’ GitHub Read More »

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) 2026-05-15 at 16:07 By Zeljka Zorz Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) Read More »

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 2026-05-14 at 17:34 By Zeljka Zorz Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) Read More »

Vector embedding security gap exposes enterprise AI pipelines

Vector embedding security gap exposes enterprise AI pipelines 2026-05-14 at 08:30 By Mirko Zorz Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases

Vector embedding security gap exposes enterprise AI pipelines Read More »

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days 2026-05-13 at 00:31 By Zeljka Zorz Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days Read More »

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) 2026-05-12 at 20:12 By Zeljka Zorz Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) Read More »

Scroll to Top