New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek. This article has been…
Tenable Hexa AI automates remediation across attack surfaces
Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context…
ASAPP expands adversarial testing for enterprise AI systems
ASAPP has launches Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities in AI…
Virtru centers file collaboration around data-level protection
Virtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work…
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user…
Anthropic Paying SpaceX $1.25bn A Month For Compute
Data centre deal announced earlier this month involves payments amounting to $40bn through May 2029, amid AI cloud capacity crunch This article has been indexed from Silicon UK Read the original article: Anthropic Paying SpaceX $1.25bn A Month For Compute
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers…
Forward launches Predict to test network changes before deployment
Forward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they…
Riverbed introduces new Aternity tools for autonomous IT operations
Riverbed has announced new capabilities for Aternity designed to support autonomous IT operations for digital experience management. The updates help digital workplace teams move toward prevention-focused operations through broader visibility, context-aware intelligence, and governance controls that support automated workflows. Organizations…
Samsung Reaches Last-Minute Deal To Avert Strike
Samsung Electronics labour union suspends planned strike action after reaching 11th-hour deal over pay and bonuses This article has been indexed from Silicon UK Read the original article: Samsung Reaches Last-Minute Deal To Avert Strike
Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account…
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how…
Discord adds end-to-end encryption to voice and video calls by default
Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end…
Verizon DBIR 2026: What the experts are saying
According to the 2026 Verizon Data Breach Investigations Report, the threat environment is transforming in terms of speed, scale, and interconnected risk. For the first time in its history, vulnerability exploitation was identified as the top initial access vector, representing 31% of attacks, and…
Terra adds continuous network exploitation validation to its platform
Terra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure and extends coverage across…
CTERA brings AI insights and automation for unstructured data
CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven insights…
GitHub VS Code extension breach, Shai-Hulud npm package compromise, Huawei/Luxembourg telecom link
GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their…
IT Security News Hourly Summary 2026-05-21 09h : 8 posts
8 posts were published in the last hour 7:4 : Police Arrest Dozens In Cyber-Fraud Crackdown 7:4 : P2PInfect Botnet Targets Kubernetes via Exposed Redis 7:4 : Dragonica Lunaris – 126,293 breached accounts 7:4 : Two U.S. Executives Plead Guilty…
Police Arrest Dozens In Cyber-Fraud Crackdown
City of London Police work with financial analysts, international law enforcement to arrest cyber-fraudsters, romance scam operators This article has been indexed from Silicon UK Read the original article: Police Arrest Dozens In Cyber-Fraud Crackdown
P2PInfect Botnet Targets Kubernetes via Exposed Redis
A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to six months, with consistent botnet…
Dragonica Lunaris – 126,293 breached accounts
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been…
Two U.S. Executives Plead Guilty in India-Based Tech-Support Fraud Schemes
Two former executives of a U.S.-based call routing and analytics company have pleaded guilty to federal charges for knowingly enabling India-based call centers to defraud thousands of American victims through elaborate tech-support scam operations spanning nearly six years. Former CEO…
Zombie user account let hackers control the city’s water
Failing to disable a former employee’s account was a huge mistake This article has been indexed from www.theregister.com – Articles Read the original article: Zombie user account let hackers control the city’s water
Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal This article has been indexed from WeLiveSecurity Read the original article: Webworm: New burrowing techniques