IT Security News Daily Summary 2026-05-12

183 posts were published in the last hour

• 21:32 : 1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin
• 21:32 : Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
• 20:31 : Hackers accessed BWH Hotels reservation system for months
• 20:2 : Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
• 19:32 : Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz
• 19:31 : Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
• 19:5 : IT Security News Hourly Summary 2026-05-12 21h : 8 posts
• 19:2 : Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws
• 19:2 : Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks
• 19:2 : Fortinet Patches Five Vulnerabilities Across FortiAP, FortiOS, and Enterprise Products
• 19:2 : Microsoft Patch Tuesday May 2026 – 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws
• 18:32 : Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
• 18:32 : Microsoft Patches 137 Vulnerabilities
• 18:32 : AI Polling Reshapes Political Research as Firms Turn Conversations Into Data
• 18:31 : India’s Cybersecurity Workforce Struggles to Keep Pace as AI and Cloud Systems Expand
• 18:2 : What Are AI Phishing Attacks? How to Spot and Stop Them
• 18:2 : Fake Claude Code Installer Targets Developers With Browser Credential Stealer
• 18:2 : New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
• 18:2 : No Blind Spots: How Top MSSPs Prevent Incidents withLive Threat Visibility
• 18:2 : Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager
• 18:2 : Open WebUI Vulnerability via File Upload Leads to 1-Click RCE Attack
• 17:32 : Exaforce Raises $125 Million for Agentic SOC Platform
• 17:32 : Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it
• 17:14 : One Is a Fluke, 3 Is a Pattern: MCP Back-End Vulnerabilities
• 17:14 : Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
• 17:14 : Banks Face a Growing AI Risk at the Database Layer
• 17:14 : Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws
• 17:14 : U.S. bank disclose security lapse after sharing customer data with AI app
• 17:14 : Google launches new Android security feature to help uncover spyware attacks
• 17:14 : Adobe Patches 52 Vulnerabilities in 10 Products
• 17:14 : Defending consumer web properties against modern DDoS attacks
• 17:14 : SAP unveils Autonomous Enterprise for AI-driven business operations
• 17:14 : RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
• 16:32 : You Secured the Code. Did You Secure the Model?
• 16:32 : Hackers Hijack Microsoft Teams Accounts to Deliver ModeloRAT
• 16:32 : SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA
• 16:32 : New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials
• 16:32 : Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges
• 16:32 : Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites
• 16:31 : Fake Claude search results lure Mac users into ClickFix attack
• 16:5 : IT Security News Hourly Summary 2026-05-12 18h : 12 posts
• 16:2 : White Circle Raises $11 Million for AI Control Platform
• 16:2 : Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
• 16:2 : Exaforce raises $125 million to respond to AI-powered attacks
• 15:32 : Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
• 15:32 : The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
• 15:32 : OpenAI Codex Bug Leads to GitHub Token Breach
• 15:32 : Ransomware Attacks Reach All Time High, Leaked Over 2.6 Billion Records
• 15:32 : Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
• 15:32 : ThreatDown ITDR prevents credential-based attacks
• 15:32 : OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software
• 15:31 : Enabling AI sovereignty on AWS
• 15:31 : Identity takes center stage as a leading factor in enterprise cyberattacks
• 15:3 : Google Says Hackers Used AI to Build Zero-Day Exploit
• 15:3 : Subnet Solutions PowerSYSTEM Center
• 15:3 : ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
• 15:2 : US bank reports itself after slinging customer data at ‘unauthorized AI app’
• 15:2 : Friendly AI Chatbots More Likely to Give Wrong Answers, Study Finds
• 15:2 : Spotify Verified Badge Targets AI Music Confusion as Human Artist Authentication Expands
• 15:2 : Veeam Intelligent ResOps unifies data context and recovery
• 15:2 : Amazon Quick authorization bypass let users reach blocked AI chat agents
• 15:2 : Mini Shai-Hulud Hits TanStack npm Packages
• 14:32 : Idira — Our Journey to Democratize Privilege Controls
• 14:32 : BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
• 14:32 : Instructure took a risky approach to recover stolen Canvas data
• 14:32 : Cyber Briefing: 2026.05.12
• 14:3 : Instructure strikes deal with hackers who breached it twice
• 14:2 : North Korean Hackers Weaponize Git Hooks to Deploy Cross-Platform Malware
• 14:2 : Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
• 14:2 : General Motors to pay $12.75 million over driver data sales
• 14:2 : New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
• 13:32 : Top Video Downloaders in 2026: Why Wondershare UniConverter Remains a Strong Choice
• 13:32 : SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA
• 13:32 : Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
• 13:32 : Zoom Rooms and Workplace Flaws Expose Users to Elevated Access Attacks
• 13:32 : Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation
• 13:32 : How to implement zero trust for AI
• 13:32 : Software Bill of Materials for AI – Minimum Elements
• 13:32 : Huntress and Acrisure Team Up to Offer Zero-Deductible Cyber Insurance for SMBs
• 13:32 : Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
• 13:32 : Download: The IT and security field guide to AI adoption
• 13:5 : IT Security News Hourly Summary 2026-05-12 15h : 13 posts
• 13:2 : Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
• 13:2 : Apple Patches Dozens of Vulnerabilities in macOS, iOS
• 13:2 : West Pharmaceutical Services Hit by Disruptive Ransomware Attack
• 13:2 : End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android
• 12:32 : Vidar Stealer Campaign Evades EDR to Steal Credentials
• 12:32 : Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor
• 12:32 : Malicious Chrome MV3 Extension Impersonates TronLink to Steal Crypto Wallet Credentials
• 12:32 : Critical “Cline” AI Agent Vulnerability Enables RCE Attacks
• 12:32 : SAP Patches Critical S/4HANA, Commerce Vulnerabilities
• 12:32 : JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)
• 12:32 : Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
• 12:32 : CISOs Step Into AI Spotlight
• 12:32 : AI and an absent government: Takeaways from RSAC 2026
• 12:3 : Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
• 12:3 : Cache-poisoning caper turns TanStack npm packages toxic
• 12:3 : Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
• 12:3 : Mini Shai-Hulud Supply Chain Attack
• 12:2 : SAP fixes critical vulnerabilities in Commerce Cloud, S/4HAN
• 12:2 : Critical Infrastructure Coalition Launches
• 12:2 : Apple, Google enable E2EE RCS messaging
• 12:2 : California Settles $12.75M CCPA Case Against GM
• 11:32 : Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
• 11:32 : Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware
• 11:32 : Copy.Fail Linux Vulnerability
• 11:32 : WorkNest Launches WorkNest Secure to Expand Cybersecurity and Compliance Services
• 11:32 : Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data
• 11:32 : MistralAI PyPI Package Compromised to Inject Malicious Code – Microsoft Warns
• 11:32 : Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
• 11:32 : Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
• 11:32 : Citrix moves secure access to a flexible, credit-based consumption model
• 11:31 : Why Agentic AI Is Security’s Next Blind Spot
• 11:2 : AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift
• 11:2 : Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
• 10:32 : WannaCry, the ransomware attack that changed the history of cybersecurity
• 10:32 : TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
• 10:32 : Škoda confirms unauthorized access to its online shop
• 10:5 : IT Security News Hourly Summary 2026-05-12 12h : 11 posts
• 10:3 : State-sponsored actors, better known as the friends you don’t want
• 10:3 : North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
• 10:3 : 1 in 8 employees have sold company logins or know someone who has
• 10:3 : Apple, Google drag cross-platform texting into the encrypted age
• 9:32 : Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
• 9:32 : Cushman & Wakefield – 310,431 breached accounts
• 9:32 : TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
• 9:32 : Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
• 9:32 : Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
• 9:32 : Stolen Canvas data was “returned” after hacker agreement, Instructure says
• 9:32 : Malicious Hugging Face Repository Typosquats OpenAI
• 9:3 : Santa Clara County Sues Meta Over Scam Ads
• 9:3 : Claude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive Data
• 9:3 : Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
• 9:3 : OpenAI’s Daybreak uses Codex Security to identify risky attack paths
• 9:2 : Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
• 9:2 : A.I. software flaw hackers, Forza Horizon 6 leak, Linux kernel hit again
• 8:32 : Meta Removes Full Encryption From Instagram
• 8:32 : Microsoft Warns: MistralAI PyPI Package Compromised with Malware
• 8:32 : South Staffordshire Water Fined £1m After Data Breach
• 8:5 : TikTok Scales Back AI Summaries After Bizarre Results
• 8:4 : OpenAI Daybreak Automates Detects and Fix Vulnerabilities Automatically
• 8:4 : TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps
• 8:4 : PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access
• 8:4 : OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
• 8:4 : Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
• 7:32 : Hackers Disrupt Exams With Software Breach
• 7:32 : OpenAI Daybreak Automates Vulnerability Detection and Patching
• 7:32 : Android banking Trojan TrickMo evolves using TON network for C2
• 7:32 : EU New Tech Package May Restrict Microsoft, Amazon, and Google From Handling Public Sector Sensitive Data
• 7:5 : TikTok To Introduce Paid Subscriptions In UK
• 7:5 : TikTok To Introduce Paid Subscriptions In UK
• 7:5 : Magecart Hackers Exploit Google Tag Manager to Inject Credit Card Skimmers
• 7:4 : OpenAI Launches ‘Daybreak’: GPT-5.5 Powered To Detect Sotfware Vulnerability
• 7:4 : State of ransomware in 2026
• 7:4 : New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes
• 6:31 : iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
• 6:5 : 84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
• 6:5 : Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack
• 6:5 : BitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in Minutes
• 6:4 : Canvas cyberattack disrupts universities as ShinyHunters threatens massive data leak
• 6:4 : JUPITER supercomputer breaks world record with 50-qubit quantum simulation
• 6:4 : Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla
• 5:32 : Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
• 5:32 : TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps
• 5:31 : Google Warns Hackers Are Using AI to Build Working Zero-Day Exploits
• 5:31 : HEIDI: Free IDE security plugin for open-source vulnerability checks
• 5:4 : Eyes wide open: How to mitigate the security and privacy risks of smart glasses
• 4:32 : Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers
• 4:32 : New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks Within 5 Minutes
• 4:32 : Why Europe Is Rethinking Its Dependence on US Cloud Providers
• 4:32 : The hidden smart fridge risks that emerge years after purchase
• 4:5 : IT Security News Hourly Summary 2026-05-12 06h : 2 posts
• 4:4 : Cybersecurity jobs available right now: May 12, 2026
• 3:31 : ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
• 3:4 : 84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials
• 2:6 : 2026-05-11: Google ad for Claude leads to macOS malware infection
• 0:2 : 2026-05-11: Google ad for Homebrew leads to macOS malware infection
• 23:31 : Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
• 22:33 : Apple Patches Everything, (Mon, May 11th)
• 22:5 : IT Security News Hourly Summary 2026-05-12 00h : 3 posts
• 22:3 : Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
• 22:3 : Google Says Hackers Used AI to Develop a Zero-Day Exploit
• 21:55 : IT Security News Daily Summary 2026-05-11