- New Windows 'MiniPlasma' Zero-Day Exploit Gives SYSTEM Access, PoC Released (18 May 2026, 10:00 pm)
A researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a new Windows zero-day dubbed MiniPlasma, which BleepingComputer confirmed can grant SYSTEM privileges on fully patched Windows 11 systems. The researcher claims the bug is effectively a still-exploitable version of a 2020 flaw Microsoft said it had fixed. From the report: At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020. "After investigating, it turns out the e... 
- Microsoft Exchange Server Vulnerability Actively Exploited, in a Bad Week for Microsoft (17 May 2026, 8:56 pm)
Forbes describes it as "definitely already out there, and under active exploitation according to the U.S. Cybersecurity and Infrastructure Security Agency, urging all organizations to prioritize timely remediation as the attack vector poses a significant risk."
"We have issued CVE-2026-42897 to address a spoofing vulnerability affecting Exchange Outlook Web Access (OWA)," Microsoft told SecurityWeek. "We recommend customers enable EEMS to be better protected, and to follow our guidance availab...
- Sysadmin Creates 'ModuleJail' To Automatically Blacklist Unused Kernel Modules (17 May 2026, 3:34 pm)
Long-time Slashdot reader internet-redstar shares an interesting response to "the recent wave of Linux kernel privilege escalation vulnerabilities like 'Copy Fail' and 'Dirty Frag'":
Belgian Linux sysadmin and Tesla Hacker "Jasper Nuyens" got tired of the idea of manually blacklisting dozens or even hundreds of obscure kernel modules across large fleets of Linux systems in the near future.
So he wrote ModuleJail, a GPLv3 shell script that scans a running Linux system and automatically blacklis...
- Anthropic's Mythos Helped Build a Working macOS Exploit in Five Days (16 May 2026, 6:34 pm)
"The vulnerability is simple in practice," writes Tom's Hardware: "run a command as a standard user and gain root (administrator) access to the machine."
And it was Mythos Preview that helped the security researchers at Palo Alto-based Calif bypass a five-year Apple security effort in just five days. The blog 9to5Mac reports:
Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory safety system designed to make memory corruption exploits much harder to execut...
- Why Is the US Job Market So Tough, Especially for Recent College Grads? (16 May 2026, 2:34 pm)
What's going on with the U.S. job market? "The economy is growing. Unemployment is low," notes the Washington Post. "And yet, for millions of workers, finding a job has become harder than at almost any other point in decades," with the hiring rate "well below pre-pandemic levels for more than a year."
Part of the problem? "Of the net 369,000 positions added across the entire economy since the start of 2025, health care alone accounted for nearly 800,000 — meaning every other sector, taken t...
- Linux Kernel Outlines What Qualifies As A Security Bug, Responsible AI Use (16 May 2026, 11:00 am)
The Linux 7.1 kernel has added new documentation clarifying what qualifies as a security bug and how AI-assisted vulnerability reports should be handled. Phoronix reports: Stemming from the recent influx of security bugs to the Linux kernel as well as an uptick in bug and security reports from discoveries made in full or in part with AI, additional documentation was warranted. Longtime Linux developer Willy Tarreau took to authoring the additional documentation around kernel bugs. To summarize (...
- Bitwarden Scrubs 'Always Free' and 'Inclusion' Values From Its Website (15 May 2026, 9:00 pm)
Bitwarden appears to be undergoing a quiet shift in leadership and messaging. Its longtime CEO and CFO have stepped down, while the company has removed "Always free" from a prominent password-manager page and replaced "Inclusion" and "Transparency" in its GRIT values with "Innovation" and "Trust." Fast Company reports: In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO o...
- SpaceX Unveils Sweeping Starship V3 Upgrades (15 May 2026, 7:00 am)
SpaceX has detailed major Starship V3 upgrades ahead of a launch targeted as early as May 19. The changes are meant to move Starship closer to its core goals: rapid reuse, Starlink deployment, orbital refueling, and eventually Moon and Mars missions. Longtime Slashdot reader schwit1 shares a report from Teslarati: Here is an explicit, broken-down list of the key changes, first starting with the changes to Super Heavy V3:
- Grid Fin Redesign: Reduced from four fins to three. Each fin is now 50%...
- Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming (14 May 2026, 11:00 am)
An anonymous researcher known as Nightmare-Eclipse, who has already leaked several Windows zero-days this year, has disclosed two more: YellowKey and GreenPlasma. The Register reports: Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine. When it comes to clai...
- Fragnesia Made Public As Latest Linux Local Privilege Escalation Vulnerability (13 May 2026, 7:00 pm)
A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the kernel page cache of read-only files through a separate ESP/XFRM logic bug. Phoronix reports: Proof of concept code for Fragnesia is already out there. There is a two-line patch for addressing the issue within the Linux kernel's skbuff.c code. That patch hasn't yet been mainlined or picked up by any mainline kernel releases but presumably wil...
- Meta Opens Ray-Ban Display Glasses to Third-Party Developers Through Wearables Toolkit (18 May 2026, 10:09 am)
Meta has opened a developer preview of its Ray-Ban Display smart glasses, allowing third-party apps to access the in-lens display for the first time.
- OpenAI Launches Personal Finance Experience in ChatGPT for Pro Users in the US (18 May 2026, 9:57 am)
OpenAI has introduced a preview of a personal finance feature in ChatGPT for Pro users in the United States.
- Linus Torvalds Says AI-Generated Bug Reports Have Made Linux Security Mailing List Unmanageable (18 May 2026, 9:25 am)
Linux creator Linus Torvalds has said that the Linux kernel's security mailing list has become almost impossible to manage due to an influx of AI-generated bug
- Steam Controller Reservation Emails Begin Going Out With 72-Hour Purchase Windows (18 May 2026, 7:30 am)
Valve has started sending reservation emails to people on the Steam Controller waitlist, giving eligible buyers a chance to complete their purchase.
- Firefox Gains 6 Million Users Since EU Browser Choice Screen Rules Took Effect (17 May 2026, 8:04 am)
Since 2024, Firefox has gained 6 million users, mainly due to browser choice screens introduced under the EU Digital Markets Act, according to data from The Reg
- Meta Launches Incognito Chat With Meta AI for Private Conversations on WhatsApp and Meta AI App (17 May 2026, 7:56 am)
Meta has introduced Incognito Chat with Meta AI, a new mode for WhatsApp and the Meta AI app that offers private conversations, which the company claims cannot
- Windows 11 Build 26300.8493 Brings Movable Taskbar, Smaller Taskbar Mode, and Fluid Dictation to More Languages (16 May 2026, 11:08 am)
Microsoft has released Windows 11 Build 26300.
- Forza Horizon 6 Hits 172,000 Concurrent Steam Players in Early Access, More Than Double Forza Horizon 5's Peak (16 May 2026, 10:54 am)
Forza Horizon 6 reached a peak of 172,093 concurrent players on Steam within hours of its $120 Premium Edition early access launch on May 14, 2026, according to
- Forza Horizon 6 PC System Requirements Published Ahead of May 19 Launch (15 May 2026, 10:26 am)
Playground Games has revealed the full PC system requirements for Forza Horizon 6 ahead of its launch on May 19 for Xbox Series X|S and PC.
- Tired of AI in Google Search? Here's How To Remove AI Overviews and Knowledge Cards (15 May 2026, 10:23 am)
Google Search offers a Web filter mode that removes AI Overviews, Knowledge cards, hotel listings, flight panels, and other content injected by Google from sear
- CISA Adds One Known Exploited Vulnerability to Catalog (15 May 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list...
- Siemens ROS# (14 May 2026, 12:00 pm)
Summary
ROS# contains a ROS service, file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files that are accessible with the rights of the user running the service on the system that hosts the service. Siemens has released a new version of ROS# and recommends updating to the latest version.
The following versions of Siemens ROS# are affected:
ROS# vers:intdot/<2.2.2
...
- Siemens SIMATIC S7 PLC Web Server (14 May 2026, 12:00 pm)
Summary
SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
The following versions of Siemens SIMATIC S7 PLC Web Server are affected:
SIMATIC Drive Contr...
- Siemens Ruggedcom Rox (14 May 2026, 12:00 pm)
Summary
Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1
RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1
RUGGEDCO...
- Siemens Opcenter RDnL (14 May 2026, 12:00 pm)
Summary
Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in availability impacts or message injection into any queue via the rogue broker. Breaking the integrity of a message has a low impact due to missing a...
- Siemens SENTRON 7KT PAC1261 Data Manager (14 May 2026, 12:00 pm)
Summary
The web server in SENTRON 7KT PAC1261 Data Manager before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has released a new version for SENTRON 7KT PAC1261 Data Manager and recommends updating to the latest version.
The following versions of Siemens SENTRON 7KT PAC1261 Data Manager are affected:
SENTRON ...
- Siemens Solid Edge (14 May 2026, 12:00 pm)
Summary
Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid Edge SE2026 and recommends updating to the latest version.
The following versions of Siemens Solid Edge are affected:
Solid Edge vers:intdot/<226.0.5
CVSS
Vendor
Equipment
...
- Siemens SIPROTEC 5 (14 May 2026, 12:00 pm)
Summary
The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session identifiers are only used in a subset of the endpoints that are provided by the affected products. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or no...
- Siemens Ruggedcom Rox (14 May 2026, 12:00 pm)
Summary
Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1
RUGGEDCOM ROX MX5000RE vers:intd...
- Universal Robots Polyscope 5 (14 May 2026, 12:00 pm)
Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code.
The following versions of Universal Robots Polyscope 5 are affected:
Polyscope 5 <5.25.1
CVSS: v3 9.8 | Vendor: Universal Robots | Equipment: Universal Robots Polyscope 5 | Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Background
Critical Infrastructure Sectors: Critical Manufacturing
Countrie...
- INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests (18 May 2026, 5:21 pm)
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects.
The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, aiming to investigate and neutralize malicious infrastructure, arrest perpetrators behind these... 
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (18 May 2026, 1:50 pm)
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted.
The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production... 
- How to Reduce Phishing Exposure Before It Turns into Business Disruption (18 May 2026, 1:00 pm)
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread.
Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster,... 
- Developer Workstations Are Now Part of the Software Supply Chain (18 May 2026, 11:23 am)
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is... 
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws (18 May 2026, 10:54 am)
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.
Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.
"External control of a file name... 
- MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems (18 May 2026, 8:57 am)
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.
Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver,... 
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware (18 May 2026, 8:57 am)
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below -
chalk-tempalte (825 Downloads)
@deadcode09284814/axios-util (284 Downloads)
axois-utils (963 Downloads)
color-style-utils (934 Downloads)
"One of the packages (chalk-tempalte)... 
- Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations (18 May 2026, 6:46 am)
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations.
According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design.
"Fast16's hook engine is selectively interested in... 
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE (17 May 2026, 11:57 am)
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the...
- Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt (17 May 2026, 7:13 am)
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase.
"Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of...
- CISA Admin Leaked AWS GovCloud Keys on Github (18 May 2026, 8:48 pm)
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.... 
- Patch Tuesday, May 2026 Edition (12 May 2026, 9:46 pm)
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases....
- Canvas Breach Disrupts Schools & Colleges Nationwide (8 May 2026, 2:58 am)
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions....
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs (30 April 2026, 2:04 pm)
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image....
- ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty (21 April 2026, 2:53 pm)
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors....
- Patch Tuesday, April 2026 Edition (14 April 2026, 9:47 pm)
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution....
- Russia Hacked Routers to Steal Microsoft Office Tokens (7 April 2026, 5:02 pm)
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code....
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab (6 April 2026, 2:07 am)
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021....
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran (23 March 2026, 3:43 pm)
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language....
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (20 March 2026, 12:49 am)
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline....
- Zero-Day Exploit Against Windows BitLocker (18 May 2026, 11:08 am)
It’s nasty, but it requires physical access to the computer:
The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection... 
- Friday Squid Blogging: Bigfin Squid (16 May 2026, 1:03 am)
Article about the bigfin squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy....
- Bypassing On-Camera Age-Verification Checks (15 May 2026, 11:06 am)
Some AI-based video age-verification checks can be fooled with a fake mustache....
- Upcoming Speaking Engagements (14 May 2026, 4:01 pm)
This is a current list of where and when I am scheduled to speak:
I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026.
I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24.
I’m speaking at the Digital Humanism Conference in Vienna, Austri...
- How Dangerous Is Anthropic’s Mythos AI? (14 May 2026, 11:04 am)
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software.
The announcement requires context—but it contained an essential truth.
While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The ...
- OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities (13 May 2026, 11:03 am)
The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available.
Here is the Institute’s evaluation of Mythos.
And here is an analysis of a smaller, cheaper model. It requires more scaffolding from the prompter, but it is also just as good....
- Copy.Fail Linux Vulnerability (12 May 2026, 11:06 am)
This is the worst Linux vulnerability in years.
TL;DR
copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC.
It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own.
The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro off...
- LLMs and Text-in-Text Steganography (11 May 2026, 11:04 am)
Turns out that LLMs are really good at hiding text messages in other text messages....
- Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia (8 May 2026, 9:03 pm)
Evidence of them has been found by analyzing DNA in the seawater.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy....
- Insider Betting on Polymarket (8 May 2026, 5:49 pm)
Insider trading is rife on Polymarket:
Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of around 52 percent in markets on military and defense actions.
That compares with a win rate of 25 percent across all politics-focused markets and just 14 percent for all markets on the platform as a whole.
It is absolutely insa...
- Microsoft Exchange Zero-Day Under Attack, No Patch Available (18 May 2026, 9:43 pm)
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.... 
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments (18 May 2026, 9:24 pm)
The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.... 
- Shai-Hulud Worm Clones Spread After Code Release (18 May 2026, 7:53 pm)
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.... 
- Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive (18 May 2026, 3:41 pm)
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.... 
- The Boring Stuff Is Dangerous Now (18 May 2026, 1:00 pm)
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.... 
- Boulevard of Broken Dreams: 2 Decades of Cyber Fails (18 May 2026, 12:00 pm)
From the MGM and Caesars fiasco and MOVEit's patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads.... 
- Can Laws Stop Deepfakes? South Korea Aims to Find Out (18 May 2026, 1:00 am)
South Korea's local elections next month will be a test bed for how effective regulations might be to stymie the flow of deepfakes....
- Congress Puts Heat on Instructure After Canvas Outage (15 May 2026, 8:19 pm)
The House Committee on Homeland Security sent a letter about the Canvas cyberattack, the same day that the edtech company said it reached an "agreement" with the ShinyHunters cybercriminals....
- Cyber Pioneers Ponder Past as Prologue (15 May 2026, 12:00 pm)
Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time....
- Taiwan Bullet Train Hack Highlights Cybersecurity Gaps in Rail Systems (15 May 2026, 1:00 am)
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response....
- INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers18 May 2026, 10:15 pm
More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. [...]... 
- SHub macOS infostealer variant spoofs Apple security updates18 May 2026, 9:42 pm
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]... 
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees18 May 2026, 6:45 pm
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. [...]... 
- Leaked Shai-Hulud malware fuels new npm infostealer campaign18 May 2026, 5:28 pm
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. [...]... 
- Grafana says stolen GitHub token let hackers steal codebase18 May 2026, 1:46 pm
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]... 
- Microsoft testing adjustable taskbar, Start menu in Windows 1118 May 2026, 11:14 am
Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. [...]... 
- Microsoft confirms Windows 11 security update install issues18 May 2026, 8:33 am
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]... 
- Exploit available for new DirtyDecrypt Linux root escalation flaw18 May 2026, 7:18 am
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]... 
- Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 202618 May 2026, 5:33 am
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]...
- New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released17 May 2026, 10:30 pm
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]...
- Student Loan Breach Exposes 2.5M Records31 August 2022, 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line....
- Watering Hole Attacks Push ScanBox Keylogger30 August 2022, 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool....
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms29 August 2022, 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system....
- Ransomware Attacks are on the Rise26 August 2022, 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group....
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras25 August 2022, 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed....
- Twitter Whistleblower Complaint: The TL;DR Version24 August 2022, 2:17 pm
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk....
- Firewall Bug Under Active Attack Triggers CISA Warning23 August 2022, 1:19 pm
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP....
- Fake Reservation Links Prey on Weary Travelers22 August 2022, 1:59 pm
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels....
- iPhone Users Urged to Update to Patch 2 Zero-Days19 August 2022, 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack....
- Google Patches Chrome’s Fifth Zero-Day of the Year18 August 2022, 2:31 pm
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack....
- Millions Impacted Across Several US Healthcare Data Breaches18 May 2026, 12:58 pm
Several healthcare data breaches impacting hundreds of thousands and even millions were added to the HHS tracker.
The post Millions Impacted Across Several US Healthcare Data Breaches appeared first on SecurityWeek.... 
- ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery18 May 2026, 12:14 pm
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors.
- 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand18 May 2026, 11:25 am
The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data.
- Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE18 May 2026, 10:38 am
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug.
- First Shai-Hulud Worm Clones Emerge18 May 2026, 9:45 am
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers.
- Grafana Confirms Breach After Hackers Claim They Stole Data18 May 2026, 8:34 am
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$.
- Exploitation of Critical NGINX Vulnerability Begins18 May 2026, 7:27 am
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.
- Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 18 May 2026, 4:05 am
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products.
- PoC Code Published for Critical NGINX Vulnerability16 May 2026, 10:02 am
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source.
- In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws15 May 2026, 2:52 pm
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas.
- ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)19 May 2026, 2:00 am
... 
- TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)18 May 2026, 8:08 pm
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI.
... 
- [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)15 May 2026, 6:38 am
...
- ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)15 May 2026, 4:10 am
...
- Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)14 May 2026, 6:08 am
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the user, as you can see in the following images which show the same e-mail when it is placed in the inbox, and when it is placed in the Junk folder.
...
- ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)14 May 2026, 4:20 am
...
- [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)13 May 2026, 6:29 am
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree in Applied Cybersecurity (BACS) program.]
...
- ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)13 May 2026, 3:05 am
...
- Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)13 May 2026, 1:20 am
.. if "unproxyable" is a word that is ..
...
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)12 May 2026, 6:29 pm
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
...
- Why AMOS matters: The macOS malware stealing data at scale14 May 2026, 12:00 am
Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities. Categories: Threat Research. Tags: MacOS, AMOS, infostealer...
- May’s Patch Tuesday hauls out 132 CVEs13 May 2026, 9:12 pm
...
- May’s Patch Tuesday hauls out 132 CVEs13 May 2026, 12:00 am
With advisories, this month’s count approaches 300 – though many are already in place. Categories: Threat Research, X-ops. Tags: Patch Tuesday, MICROSOFT PATCH TUESDAY...
- Inside the lethal trifecta: Blast radius reduction in AI agent deployments12 May 2026, 8:51 pm
...
- Sophos Endpoint in action: Blocking a novel supply chain attack12 May 2026, 12:00 am
How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack. Categories: Products & Services. Tags: Endpoint, Sophos Endpoint, Exploits...
- The State of Identity Security 2026: Identity is the new perimeter12 May 2026, 12:00 am
Discover the causes and consequences of identity threats based on a survey of 5,000 organizations across 17 countries. Categories: Products & Services. Tags: identity, Identity Security, Ransomware...
- Operating inside the lethal trifecta: Blast radius reduction in AI agent deployments12 May 2026, 12:00 am
Seven things security teams can start doing today to reduce risk. Categories: Threat Research. Tags: AI, CISO, risk...
- Sophos State of Identity Security 202611 May 2026, 8:20 pm
...
- Why AMOS matters: The macOS malware stealing data at scale11 May 2026, 2:56 pm
...
- Ransomware: AI changes the writer. It doesn't change the math.11 May 2026, 12:00 am
Why most endpoint protection still treats ransomware as just another piece of malware, and what changes when you watch the data instead of the attacker. Categories: Products & Services. Tags: Ransomware, Endpoint, Sophos Endpoint, EDR, AI, artificial intelligence...
- Unauthorized Plugin Installation/Activation in Hunk Companion10 December 2024, 9:03 pm
This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution […]...
- Identifying Traffic from Shell Finder Bots1 November 2024, 11:04 pm
A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malware that is added by a threat actor after gaining unauthorized access to a website. The purpose of a backdoor shell is […]...
- Unpatched Vulnerability in TI WooCommerce Wishlist Plugin9 September 2024, 5:45 pm
A few weeks ago an SQL injection was discovered in the TI WooCommerce Wishlist plugin. After checking closer we found another entry point, affecting over 100,000 active installs. Despite the severity of this issue, the vendor has not yet provided a patch, leading to public disclosure. The vulnerability can be exploited by unauthenticated users, allowing […]...
- Unauthenticated Privilege Escalation in Profile-Builder plugin15 July 2024, 4:29 pm
During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalation Vulnerability which could allow attackers to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This vulnerability was fixed on […]...
- Object Injection vulnerability fixed in SEOPress 7.924 June 2024, 2:00 pm
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attackers to access certain protected REST API routes without having any kind of account on the targeted site. Digging deeper into what an attacker could do with this […]...
- 10 of the Best Website Security Tools to Stay Ahead of Hackers5 June 2024, 1:00 pm
Which website security tools are really necessary for your site? What to consider before investing in new software. 10 must-have tools you can’t skip....
- The 10 Best Vulnerability Scanners for Effective Web Security16 May 2024, 1:00 pm
7 factors for choosing the best vulnerability scanner. Top options compared on features, pros, cons, & pricing. 5 things that make a great scanner...
- A persistent twist in the current Malware Campaign13 May 2024, 7:12 pm
Recently while covering malware campaigns exploiting the LiteCache and WP‑Automatic WordPress plugins, we found that attackers were installing php‑everywhere, a plugin that allows users to run arbitrary PHP code in their site’s posts. This plugin was closed on April 25th per its author’s request. The reasoning behind this installation was to have persistent malware on the […]...
- Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin3 May 2024, 3:01 pm
If you’ve recently encountered the admin user wpsupp‑user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typically injects code into critical WordPress files, often manifesting as : Or in the database, when the vulnerable version of LiteSpeed Cache is exploited : decoded version: Cleanup Procedures Identifying Malicious URLs and IPs […]...
- New Malware Campaign Targets WP-Automatic Plugin24 April 2024, 7:27 pm
A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in […]...
- GitHub Actions Linux Self-Hosted Runners Security Risks 2025-3006615 May 2026, 5:59 pm
Self-hosted GitHub Actions runners give organizations far more flexibility than standard cloud-hosted runners. Teams can integrate internal infrastructure directly into CI/CD workflows, automate Kubernetes deployments, run custom tooling, and manage Linux-based build environments without relying entirely on external infrastructure....
- Linux Security Monitoring Challenges and EDR Visibility Gaps14 May 2026, 11:51 am
An attacker compromises a Linux container, launches a cryptominer, sets up a way to stay in the system through a background task, and disappears before the investigation even begins. By the time analysts start looking at the logs, the workload has shut down, and the container no longer exists....
- Linux Kernel Fragnesia Critical Privilege Escalation CVE-2026-4630014 May 2026, 11:32 am
Linux administrators are once again dealing with a familiar problem: a local Linux foothold that can potentially become full root access....
- RubyGems Attack Highlights Open Source Supply Chain Risks for Linux Teams14 May 2026, 8:02 am
RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not....
- Why CI/CD Pipelines Became Targets in Software Supply Chain Attacks14 May 2026, 8:01 am
For years, software security discussions centered on vulnerable code. A bug inside an application could expose a workstation, production server, or cloud workload, so most supply chain conversations focused on malicious packages, outdated dependencies, and exploitable libraries buried somewhere inside the stack. That is no longer the main problem....
- Why Red Hat’s krb5 Update Matters for Linux and Windows Authentication 14 May 2026, 7:40 am
Red Hat released an Important krb5 security update for Red Hat Enterprise Linux 8 this week, addressing two vulnerabilities tracked as CVE-2026-40355 and CVE-2026-40356. On paper, it looks like another Linux package advisory....
- Securing Remote Access to Linux Servers: Best Practices for 202613 May 2026, 9:11 am
Linux runs the internet. More than 96% of the world’s top one million web servers operate on Linux-based systems. That makes every Linux server a target by default. Attackers do not go where defenses are strongest; they go where the infrastructure is exposed....
- Why Runtime Monitoring Is Replacing Traditional Linux Logging12 May 2026, 2:18 pm
The problem is not necessarily a lack of security tools. Modern Linux infrastructure changes so quickly that maintaining consistent visibility has become one of the hardest operational problems in cloud security....
- Debian 14 Makes Reproducible Builds Mandatory for Linux Packages12 May 2026, 1:57 pm
Debian 14 “Forky” will begin blocking packages that fail reproducibility checks, marking a major shift in how Linux distributions verify software integrity....
- Why Linux Servers Get Hacked More Often Than People Think11 May 2026, 2:07 pm
Linux runs a massive part of the internet. Cloud platforms, databases, containers, web hosting, APIs, and internal business infrastructure all depend heavily on Linux systems. Most people interact with Linux-backed services every day without realizing it. That popularity also makes Linux server security a constant concern....