The convergence of failed critical security updates, dozens of newly discovered zero-day exploits, and large-scale academic data breaches highlights a high-risk environment currently being countered This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.05.19
Category: EN
Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM
Torrance, United States / California, 19th May 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI &…
The Network Security Problem No One Could Solve – Until Now.
Networks used to be simple. A perimeter. A data center. A set of rules a single engineer could hold in their head. That world is long gone. Every wave of enterprise transformation – cloud migration, M&A, hybrid multi-cloud, IoT, remote…
Nx Console VS Code Extension Compromised to Steal Developer and Cloud Secrets
A widely used Visual Studio Code extension was quietly turned into a credential-stealing tool in May 2026, putting millions of developers at serious risk without warning. The Nx Console extension, which has over 2.2 million installations, was compromised when attackers…
New VoidStealer Malware Bypasses Chrome’s App-Bound Encryption to Steal Passwords and Cookies
A newly discovered malware called VoidStealer has emerged as a serious threat to Chrome users on Windows, using a clever technique to bypass one of the browser’s most important security features. The malware targets Chrome’s App-Bound Encryption, a protection layer…
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
A fake Aldi “meat box” offer spreading on Facebook tricks victims into handing over personal and payment info. This article has been indexed from Malwarebytes Read the original article: Facebook scam promises cheap Aldi meat boxes, steals payment info instead
Selector extends AI-driven observability into multi-cloud environments
Selector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By unifying rich telemetry data from cloud,…
PureLogs infostealer is stealing credentials worldwide
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using…
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data. This article has been indexed from Trend Micro Research,…
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report
New York, United States, 19th May 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity…
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
UAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT‑UA…
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
A newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a security feature designed to protect sensitive browser data. The malware introduces a novel technique that allows attackers to extract encryption keys…
Zero Day Microsoft Exchange Servers On Target | CVE-2026-42897
A severe zero-day vulnerability in Microsoft Exchange Server is currently being exploited in the wild by threat actors.… The post Zero Day Microsoft Exchange Servers On Target | CVE-2026-42897 appeared first on Hackers Online Club. This article has been indexed…
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB Vulnerability Can Lead to Server Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains. The post Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks appeared first on…
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found. ClickFix gives way to…
Canonical ships Ubuntu Core 26 with 15 years of security maintenance
Operators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more than a decade. Canonical released Ubuntu Core 26, the latest long-term supported version of…
LaunchDarkly adds real-time controls for AI agents in production
LaunchDarkly has launched AgentControl, a new solution that gives software teams real-time control over AI agents in production. With AgentControl, teams can change how an agent behaves at runtime without redeploying the underlying application. As AI agents move into production,…
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC. “The Drupal Security Team urges you to reserve time for core updates at…
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short…