IT Security News Weekly Summary 20

210 posts were published in the last hour

• 21:55 : IT Security News Daily Summary 2026-05-17
• 16:32 : Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure
• 16:32 : Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack
• 15:2 : NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
• 14:32 : SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
• 13:32 : Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores
• 13:32 : Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION
• 13:32 : Why Is Cybersecurity Now A Business Priority, Not Just An IT Function?
• 13:5 : IT Security News Hourly Summary 2026-05-17 15h : 4 posts
• 13:2 : Ubuntu Services Remain Disrupted After DDoS Attack Targets Canonical Infrastructure
• 13:2 : Apple Account Data and Bluetooth Signals Tie Suspect to Crypto Robbery
• 13:2 : High Court Squashes Ban for Sim-Swap Fraud, Says Zero Customer Liability
• 12:8 : Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
• 10:34 : Grafana Says It Rejected Ransom Demand After Source Code Theft
• 10:5 : IT Security News Hourly Summary 2026-05-17 12h : 1 posts
• 10:2 : Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
• 8:36 : Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
• 8:6 : Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
• 8:6 : Meta Launches Incognito Chat With Meta AI for Private Conversations on WhatsApp and Meta AI App
• 4:5 : IT Security News Hourly Summary 2026-05-17 06h : 1 posts
• 3:33 : First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
• 1:36 : Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
• 22:5 : IT Security News Hourly Summary 2026-05-17 00h : 1 posts
• 21:55 : IT Security News Daily Summary 2026-05-16
• 19:5 : IT Security News Hourly Summary 2026-05-16 21h : 1 posts
• 18:32 : U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
• 17:32 : Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
• 16:32 : Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
• 16:32 : Trusted Tools Becoming the New Cybersecurity Threat, Says Bitdefender Report
• 16:32 : ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users
• 16:32 : Linux Copy Fail Vulnerability Puts Major Systems at Risk
• 16:32 : Hacker Claims of Stealing Data from 8,809 Education Institutes, Instructure Hacked
• 16:32 : Critical OpenClaw Flaws Allow Persistent Access and Credential Abuse
• 16:5 : IT Security News Hourly Summary 2026-05-16 18h : 1 posts
• 16:2 : Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More
• 13:5 : IT Security News Hourly Summary 2026-05-16 15h : 3 posts
• 13:2 : Timeline of Iran’s Nuclear Program and the Stuxnet and Fast16 Attacks
• 13:2 : Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
• 13:2 : The Security Mistakes Being Repeated With Ai
• 11:3 : JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers
• 11:2 : Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
• 11:2 : JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers
• 11:2 : Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2
• 10:32 : AI Voice Cloning: The Technology Behind It, Who’s Building It, and Where It’s Headed
• 10:32 : OpenAI hit by supply chain attack linked to malicious TanStack packages
• 10:32 : PoC Code Published for Critical NGINX Vulnerability
• 10:5 : IT Security News Hourly Summary 2026-05-16 12h : 2 posts
• 9:32 : Critical ‘Claw Chain’ Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk
• 9:32 : Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities
• 8:32 : Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords
• 8:2 : Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files
• 7:5 : IT Security News Hourly Summary 2026-05-16 09h : 1 posts
• 7:2 : Why geopolitical turmoil is a gift for scammers, and how to stay safe
• 5:2 : Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
• 4:32 : Inside CIRA: How Canada’s .ca Registry Became a Global DNS & Cybersecurity Force
• 4:5 : IT Security News Hourly Summary 2026-05-16 06h : 1 posts
• 3:32 : Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address
• 2:32 : CVE-2026-42945: Imperva Customers Protected Against Critical NGINX Rewrite Module Vulnerability
• 2:2 : AI-Driven Cyberattacks and Global Cybersecurity Shortages Raise Fears of an AI Bugocalypse
• 2:2 : Hackers Exploit cPanel Flaw to Gain Control of Thousands of Websites
• 2:2 : Instructure Confirms Data Breach as ShinyHunters Claims Responsibility
• 2:2 : Cybersecurity Can No Longer Be Left to IT Teams Alone, Experts Warn
• 1:32 : Friday Squid Blogging: Bigfin Squid
• 23:2 : Instructure cyberattack reignites ransom payment debate
• 22:32 : Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
• 22:5 : IT Security News Hourly Summary 2026-05-16 00h : 2 posts
• 21:55 : IT Security News Daily Summary 2026-05-15
• 21:32 : The Department of Know: GemStuffer attack, AI SBOMs, and AI-created zero-days
• 21:2 : The Next Cybersecurity Challenge May Be Verifying AI Agents
• 19:5 : IT Security News Hourly Summary 2026-05-15 21h : 4 posts
• 19:2 : Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access
• 19:2 : OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
• 19:2 : A hotel check-in system left a million passports and driver’s licenses open for anyone to see
• 19:2 : Reducing CVE fatigue with Red Hat Hardened Images and Anchore
• 18:2 : CISA Adds One Known Exploited Vulnerability to Catalog
• 18:2 : The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
• 17:32 : Welcome to BlackFile: Inside a Vishing Extortion Operation
• 17:32 : Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
• 17:2 : Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4
• 16:32 : Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
• 16:5 : IT Security News Hourly Summary 2026-05-15 18h : 12 posts
• 16:3 : Mini Shai-Hulud: The Worm Returns and Goes Public
• 16:3 : RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing
• 16:3 : US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
• 16:3 : PureLogs: Delivery via PawsRunner Steganography
• 16:3 : Microsoft Edge, Windows 11 and LiteLLM Hacked in Pwn2Own Berlin 2026
• 16:3 : Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens
• 16:3 : Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers
• 16:3 : OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack
• 16:3 : Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
• 16:2 : Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
• 16:2 : MSPs need AI to fight AI-fueled cyberthreats: Guardz
• 15:32 : Context-Aware Authorization for AI Agents
• 15:3 : In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
• 15:3 : New ChatGPT Settings Will Improve User Privacy and Data Training
• 14:32 : The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be
• 14:32 : 6 Best VPNs for Canada in 2026 (Free & Paid Options Compared)
• 14:32 : Google’s Default 15GB Free Storage Is Ending for Some New Accounts
• 14:32 : 7AI Uncovers Browser Extension Campaign Evading EDR Defenses
• 14:32 : CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
• 14:32 : Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
• 14:32 : Cyber Briefing: 2026.05.15
• 13:34 : Gunra Ransomware Expands RaaS After Conti Locker Shift
• 13:34 : What is CI/CD Pipeline?
• 13:34 : Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA
• 13:34 : Microsoft Warns of Attackers Using Trusted HPE Operations Agent for Malware-Free Intrusions
• 13:34 : Hackers Use OrBit Rootkit to Harvest SSH and Sudo Credentials From Linux Systems
• 13:34 : Attackers replaced JDownloader installer downloads with malware
• 13:5 : IT Security News Hourly Summary 2026-05-15 15h : 19 posts
• 13:3 : Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
• 13:3 : VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
• 13:3 : The Case for a Vulnerability Operations Center
• 13:3 : Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace
• 13:3 : Cybersecurity Insider Survey: AI Is Fueling a New Generation of Threat Actors
• 13:3 : The Hidden Risk For IT Subcontractors: When Insurance, Not Security, Costs You The Contract
• 13:3 : Meta’s confusing new approach to chat privacy
• 13:3 : Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
• 13:3 : Google lets Workspace admins apply one policy across all SAML apps
• 13:3 : Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
• 13:3 : OpenAI Compromised in TanStack Supply Chain Attack
• 13:3 : Japan’s Banks Use Claude for Cybersecurity Testing
• 13:3 : UK King’s Speech Emphasizes Cyber Resilience
• 13:2 : OpenAI faces class-action privacy lawsuit over data sharing
• 13:2 : Scott Lashway Named to Cybersecurity Docket’s 2026 Elite Lis
• 12:32 : Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
• 12:32 : Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
• 12:32 : Your Identity Governance Is Lying to You
• 12:32 : Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
• 12:3 : PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
• 12:3 : TeamPCP Hackers Abuse CI/CD Pipelines to Steal Developer and Cloud Credentials
• 12:3 : Multiple cPanel Vulnerabilities Allows Access to Sensitive System Resources
• 12:3 : Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks
• 12:2 : PraisonAI Vulnerability Exploited Within Hours of Public Disclosure
• 12:2 : TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
• 12:2 : What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
• 11:32 : Ghostwriter group resumes attacks on Ukrainian Government targets
• 11:32 : Bypassing On-Camera Age-Verification Checks
• 11:32 : American Lending Center Data Breach Affects 123,000 Individuals
• 11:32 : Akamai to acquire LayerX for $205 million
• 11:2 : OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
• 11:2 : OpenAI Hit by TanStack Supply Chain Attack
• 11:2 : Thieves unlock stolen iPhones using cheap tools sold on Telegram
• 10:32 : Gremlin Stealer’s Evolved Tactics: Hiding in Plain Sight With Resource Files
• 10:32 : CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
• 10:32 : Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
• 10:32 : OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
• 10:32 : Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
• 10:5 : IT Security News Hourly Summary 2026-05-15 12h : 6 posts
• 10:2 : TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
• 10:2 : Rocky Linux launches opt-in security repository for urgent fixes
• 9:32 : Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
• 9:32 : Hackers Abuse Scheduled Tasks to Maintain Persistence in FrostyNeighbor Attacks
• 9:32 : VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root
• 9:32 : Microsoft Details Kazuar Malware’s Modular Architecture and P2P Botnet Operations
• 9:3 : Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
• 9:3 : Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
• 9:3 : Tenable warns AI adoption is outpacing governance as cloud exposure risks surge
• 9:3 : Cyberattack on West Pharmaceutical halts manufacturing across multiple sites
• 9:3 : Beyond deepfakes: Building identity resilience against AI impersonation
• 9:3 : MPs want social media treated more like unsafe toys than harmless apps
• 8:3 : Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
• 8:3 : Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure
• 8:3 : Critical Next.js Vulnerability Exposes Cloud Credentials, API keys, and Admin Panels
• 8:3 : Critical Microsoft Exchange Server Vulnerability Actively Exploited in Attacks
• 8:3 : 79 Chrome Vulnerabilities Patched, Including 14 Critical One’s – Update Now!
• 8:3 : China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
• 7:33 : UK Regulator Begins Microsoft Software Probe
• 7:33 : Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
• 7:33 : FrostyNeighbor: Fresh mischief and digital shenanigans
• 7:33 : Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
• 7:32 : Chrome 148 Update Patches Critical Vulnerabilities
• 7:32 : Keycard helps developers secure autonomous AI agents with scoped access
• 7:32 : G7 releases AI SBOM, DELL SupportAssist BSOD, Dirty Frag sequel
• 7:5 : IT Security News Hourly Summary 2026-05-15 09h : 10 posts
• 7:3 : [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
• 7:2 : Employees Report AI ‘Brain Fry’
• 7:2 : TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
• 7:2 : On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
• 6:32 : Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
• 6:32 : Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
• 6:32 : Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
• 6:32 : Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
• 6:32 : MDASH AI Helps Microsoft Detect 16 Critical Windows Security Flaws
• 6:5 : Indian Banks Step Up IT Spending Over AI Security Fears
• 6:4 : Deepfake detection is losing ground to generative models
• 6:4 : CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
• 5:32 : Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
• 5:32 : Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
• 5:32 : Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
• 5:32 : Zombie linkages are keeping expired domains trusted for years
• 5:2 : Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
• 5:2 : The AI oversight paradox: Is the investment worth the cost of watching it?
• 4:32 : ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
• 4:32 : Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access
• 4:32 : OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack
• 4:32 : New infosec products of the week: May 15, 2026
• 4:32 : How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks
• 23:2 : Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data
• 22:5 : IT Security News Hourly Summary 2026-05-15 00h : 5 posts
• 21:55 : IT Security News Daily Summary 2026-05-14
• 21:32 : Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network
• 21:32 : Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets
• 21:32 : Innovator Spotlight: Radware
• 21:32 : Innovator Spotlight: Klever Compliance
• 21:2 : Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
• 19:32 : The “Zombie API” Attack: Why Your Old Integrations Are Your Biggest Security Risk
• 19:32 : U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog
• 19:32 : Critical Canon MailSuite Vulnerability Enables Remote Code Execution Attacks
• 19:32 : Hackers Compromise 170 npm Packages to Steal GitHub, npm, AWS, and Kubernetes Secrets
• 19:32 : Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security