A proof-of-concept (PoC) exploit was published for a new Linux Local Privilege Escalation (LPE) vulnerability dubbed “PinTheft.” Discovered by Aaron Esau of the V12 security team, the flaw allows local attackers to gain root access by exploiting an RDS zerocopy…
DevilNFC Android Malware Uses Kiosk Mode to Trap Victims During NFC Relay Attacks
A dangerous new Android malware called DevilNFC has emerged, combining NFC relay attacks with a Kiosk Mode trap that locks victims inside a fake banking screen until their card data is stolen. The malware targets customers across Europe and LATAM…
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud:…
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic.…
Microsoft Launches New Surface AI PCs for Business Buyers
Microsoft launched new Surface for Business PCs with Intel Core Ultra Series 3 chips, AI features, 5G options, and enterprise security tools. The post Microsoft Launches New Surface AI PCs for Business Buyers appeared first on TechRepublic. This article has…
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords. The post CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository appeared first on TechRepublic. This article has been indexed from Security Archives…
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability; CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability; CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow…
Securing the gaming culture of cultures
Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog. This article has been indexed from Microsoft Security…
AWS Security Hub Extended: Why enterprise security products should sell themselves
Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing.…
A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer
Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025. This article has been indexed from Security Latest. Read the original article: A New York Cop…
How to Close the Most Expensive Gap in Your SOC
There is a quiet gap inside many SOCs. It sits between the moment Tier 1 says “this should be escalated” and the moment the response team can actually act on it. Too often, the alert moves forward, but the context does not. …
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native…
Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match
Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025. This article has been indexed from Security Latest. Read the original article: Madison Square Garden Bans…
Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and…
IT Security News Hourly Summary 2026-05-20 18h : 15 posts
15 posts were published in the last hour. 16:4 : Fake malware-signing service Fox Tempest dismantled by Microsoft; 16:4 : Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass; 16:4 : Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution…
Fake malware-signing service Fox Tempest dismantled by Microsoft
The service let malware authors sign malicious files with fraudulent Microsoft-issued certificates to bypass security checks. This article has been indexed from Malwarebytes. Read the original article: Fake malware-signing service Fox Tempest dismantled by Microsoft
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
The new Series A funding round brings the total raised by Quantum Bridge to $16 million. The post Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Pulitzer-Winning Journalists Expose the Human Cost and Hidden Network Behind Digital Arrest Scams
Digital arrest scams in India are rapidly expanding by exploiting fear, trust, and emotional vulnerability. Pulitzer-winning journalists Suparna Sharma and Anand RK recently shed light on this growing menace through their acclaimed Bloomberg illustrated investigation, Trapped. In an interaction…
Customers say Trump Mobile is leaking their personal information
Trump Mobile is leaking customers’ email and home addresses, but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic. This article has been…
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation.…
European Union Agrees to Ban AI Generated Non Consensual Sexualized Deepfakes
A temporary deal emerged Thursday between EU lawmakers and national representatives, targeting AI tools that create explicit fake images without consent. Such technology, when applied to produce child exploitation material, will also fall under the new restrictions. Agreement came…
PCPJack Worm Steals Cloud Credentials While Wiping Out TeamPCP Infections
A new malware framework called PCPJack is drawing attention because it not only steals credentials from exposed cloud systems but also wipes out traces of TeamPCP infections before taking over the environment. The campaign shows how one criminal group…
Token Pilfering: How Token Theft is Plaguing Cybersecurity
AI economy and computing threat. The rising AI economy is bringing a new type of cybercrime. Cybercriminals are scamming AI firms by signing up for new accounts to steal tokens via computing power. The problem is getting worse, according to…