Nx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persistent backdoor. Anyone who installed v18.95.0 should treat their environment as fully compromised. On May 18, 2026,…
Mythos Preview Automates PoC Exploit Creation for Vulnerability Research
A new AI model from Anthropic is changing how security teams find and prove software vulnerabilities. It is raising hard questions about what happens when the same technology falls into the wrong hands. Cloudflare has published findings from its participation…
SEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic Interception
Multiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed SEPPmail appliances used for…
Earbud sensors can authenticate users by their heartbeat, study finds
Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so no…
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. “The attack affects packages tied to the npm maintainer…
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been…
AI infrastructure is cracking under sovereignty demands
AI deployments are moving into environments with tighter controls around data, infrastructure, and system operations. Organizations are building AI systems across multiple providers, platforms, and computing environments while managing governance, security, and compliance obligations within defined boundaries. NTT DATA’s 2026…
Mythos Preview Builds PoC Exploits in Automated Vulnerability Research
Anthropic’s Mythos Preview security-focused AI model is crossing a critical threshold in automated vulnerability research, not just finding bugs, but chaining them together into working proof-of-concept exploits. That’s the finding from Cloudflare’s security team, which spent several weeks running the…
Cybersecurity jobs available right now: May 19, 2026
CISO DataFence | Israel | Hybrid – View job details As a CISO, you will develop security roadmaps, compliance plans, risk registers, policies, and control implementation plans while leading audit and regulatory compliance activities. You will manage client projects from…
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution…
ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, May 19th, 2026…
CTT – 468,124 breached accounts
In April 2026, data allegedly obtained from CTT, Portugal’s national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to…
Are Attackers Hiding Inside Your Network Traffic?
Spur Intelligence found attackers increasingly using VPNs and residential proxies to hide malicious activity in legitimate traffic. The post Are Attackers Hiding Inside Your Network Traffic? appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Do fear the Reaper – stealer swipes macOS users’ passwords, wallets, then backdoors them
While also spoofing all the trusted domains – Apple, Microsoft, and Google – in the same attack This article has been indexed from www.theregister.com – Articles Read the original article: Do fear the Reaper – stealer swipes macOS users’ passwords,…
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity…
Shai-Hulud copycat worm infects yet another npm package
Plus three other stealers in three other packages, all from the same scumbag This article has been indexed from www.theregister.com – Articles Read the original article: Shai-Hulud copycat worm infects yet another npm package
IT Security News Hourly Summary 2026-05-19 00h : 2 posts
2 posts were published in the last hour 22:3 : Addi – 34,532,941 breached accounts 21:55 : IT Security News Daily Summary 2026-05-18
Addi – 34,532,941 breached accounts
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that “it is possible that your personal information may have been compromised”. The “pay or leak” extortion group ShinyHunters subsequently claimed responsibility and…
IT Security News Daily Summary 2026-05-18
149 posts were published in the last hour 21:4 : Securing Everything: Mapping the Right Identity and Access Protocol (OIDC, OAuth2, and SAML) to the Right Identity 21:4 : CISA Admin Leaked AWS GovCloud Keys on Github 20:32 : TeamPCP…
Securing Everything: Mapping the Right Identity and Access Protocol (OIDC, OAuth2, and SAML) to the Right Identity
Overview Identity and access security is built on two fundamental requirements: Authentication (AuthN) — who you are, and Authorization (AuthZ) — what you are allowed to do. Every secure system must answer both questions clearly and consistently. In modern architecture,…
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said…
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. This article has been…
CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINX
Discover CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow vulnerability. Learn about the affected versions and critical patch updates. This article has been indexed from Blog Read the original article: CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINX
10 Top OSINT Tools Every Investigator Should Know in 2026
Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…