This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, May 19th, 2026…
CTT – 468,124 breached accounts
In April 2026, data allegedly obtained from CTT, Portugal’s national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to…
Are Attackers Hiding Inside Your Network Traffic?
Spur Intelligence found attackers increasingly using VPNs and residential proxies to hide malicious activity in legitimate traffic. The post Are Attackers Hiding Inside Your Network Traffic? appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Do fear the Reaper – stealer swipes macOS users’ passwords, wallets, then backdoors them
While also spoofing all the trusted domains – Apple, Microsoft, and Google – in the same attack This article has been indexed from www.theregister.com – Articles Read the original article: Do fear the Reaper – stealer swipes macOS users’ passwords,…
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity…
Shai-Hulud copycat worm infects yet another npm package
Plus three other stealers in three other packages, all from the same scumbag This article has been indexed from www.theregister.com – Articles Read the original article: Shai-Hulud copycat worm infects yet another npm package
IT Security News Hourly Summary 2026-05-19 00h : 2 posts
2 posts were published in the last hour 22:3 : Addi – 34,532,941 breached accounts 21:55 : IT Security News Daily Summary 2026-05-18
Addi – 34,532,941 breached accounts
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that “it is possible that your personal information may have been compromised”. The “pay or leak” extortion group ShinyHunters subsequently claimed responsibility and…
IT Security News Daily Summary 2026-05-18
149 posts were published in the last hour 21:4 : Securing Everything: Mapping the Right Identity and Access Protocol (OIDC, OAuth2, and SAML) to the Right Identity 21:4 : CISA Admin Leaked AWS GovCloud Keys on Github 20:32 : TeamPCP…
Securing Everything: Mapping the Right Identity and Access Protocol (OIDC, OAuth2, and SAML) to the Right Identity
Overview Identity and access security is built on two fundamental requirements: Authentication (AuthN) — who you are, and Authorization (AuthZ) — what you are allowed to do. Every secure system must answer both questions clearly and consistently. In modern architecture,…
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said…
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. This article has been…
CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINX
Discover CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow vulnerability. Learn about the affected versions and critical patch updates. This article has been indexed from Blog Read the original article: CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINX
10 Top OSINT Tools Every Investigator Should Know in 2026
Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Vulnerability Summary for the Week of May 11, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acl–ACL Analytics ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers…
OpenClaw Vulnerabilities Could Enable Full AI Agent Takeover
Cyera disclosed four OpenClaw flaws that could enable AI agent compromise and privilege escalation. The post OpenClaw Vulnerabilities Could Enable Full AI Agent Takeover appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
The New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026. This article has been indexed from Security News | TechCrunch…
Grafana confirms GitHub token breach cybercrime group claims the attack
Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data…
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown
US export-control cases show how Nvidia chips and other restricted tech are allegedly diverted to China and Russia through shell firms and intermediaries. The post Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown appeared first on TechRepublic. This…
Apple’s Siri Revamp May Add Auto-Deleting Chats
Apple’s reported Siri revamp may add auto-deleting AI chats as the company prepares a privacy-focused software push at WWDC 2026. The post Apple’s Siri Revamp May Add Auto-Deleting Chats appeared first on TechRepublic. This article has been indexed from Security…
Device Code Phishing Targets Microsoft 365 Users
Proofpoint warns that device code phishing attacks are rapidly growing across Microsoft 365 environments. The post Device Code Phishing Targets Microsoft 365 Users appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article:…
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security researcher Patrick Garrity from VulnCheck revealed that threat actors are actively targeting CVE-2026-42945,…
AI is drowning software maintainers in junk security reports
AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s…