npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
[THN : The Hacker News] [23 May 26 @ 18:35]
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming public...
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
[Security Affairs] [23 May 26 @ 18:17]
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vuln...
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
[THN : The Hacker News] [23 May 26 @ 18:07]
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the...
Why pure extortion is replacing traditional ransomware
[Security Affairs] [23 May 26 @ 15:13]
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Ins...
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
[THN : The Hacker News] [23 May 26 @ 13:55]
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across ...
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
[The Register - Security] [23 May 26 @ 12:59]
Or is it just life today, with AI constantly digging through code repositories in search of security holes?
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
[THN : The Hacker News] [23 May 26 @ 11:51]
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing...
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
[Security Affairs] [23 May 26 @ 11:39]
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151)...
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
[THN : The Hacker News] [23 May 26 @ 09:35]
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates ...
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
[THN : The Hacker News] [23 May 26 @ 09:23]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, base...
A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
[The Register - Security] [22 May 26 @ 23:18]
Hey, Gemini, how much can we earn from one pump-and-dump cycle?
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
[Schneier on Security] [22 May 26 @ 23:04]
The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security sto...
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
[The Register - Security] [22 May 26 @ 20:57]
Will Jason Statham save us?
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
[THN : The Hacker News] [22 May 26 @ 19:35]
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
[Krebs on Security] [22 May 26 @ 18:34]
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor i...
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
[THN : The Hacker News] [22 May 26 @ 18:20]
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian onli...
RemotePE: The Lazarus RAT that lives in memory
[Fox-IT International blog] [22 May 26 @ 16:55]
Authors: Yun Zheng Hu and Mick Koomen Summary Last year, we published research about a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations, encountered during multipl...
Curl to patch record number of AI-found vulnerabilities in upcoming release
[Security.NL maakt Nederland veilig] [22 May 26 @ 16:52]
In its upcoming release, curl will fix a record number of vulnerabilities found by AI tools. These include, among ...
CISA Security Leak
[Schneier on Security] [22 May 26 @ 15:58]
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several high...
Authorities arrest 23-year-old accused of running the Kimwolf botnet
[Security Affairs] [22 May 26 @ 15:57]
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort...
Drupal reports active exploitation of highly critical SQL injection flaw
[Security.NL maakt Nederland veilig] [22 May 26 @ 15:37]
The makers of Drupal are warning of active exploitation of a highly critical SQL injection flaw (CVE-2026-9082). Via the ...
Valve removes free game containing infostealer malware from Steam
[Security.NL maakt Nederland veilig] [22 May 26 @ 15:11]
Because of the presence of infostealer malware, Valve, the developer, publisher and distributor of video games, has removed a game from ...
Critical Ubiquiti flaws give attackers access to UniFi OS devices
[Security.NL maakt Nederland veilig] [22 May 26 @ 14:50]
Network equipment maker Ubiquiti has rolled out updates for five vulnerabilities that give attackers access to UniFi OS devices ...
German hospitals leak data of one hundred thousand patients
[Security.NL maakt Nederland veilig] [22 May 26 @ 14:12]
Several German hospitals have together leaked the personal data of more than one hundred thousand patients. The ...
Update Chrome now: Critical bugs could let attackers run code
[Malwarebytes Unpacked] [22 May 26 @ 14:10]
This Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
[THN : The Hacker News] [22 May 26 @ 13:55]
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using t...
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
[THN : The Hacker News] [22 May 26 @ 13:38]
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was m...
Prison for man who distributed Telegram bots, texts and SMS gateways for phishing
[Security.NL maakt Nederland veilig] [22 May 26 @ 13:31]
The Rotterdam District Court has convicted a 22-year-old man of distributing Telegram bots, texts and SMS gateways that ...
Techie claims Trump Mobile website was leaking thousands of people's data
[The Register - Security] [22 May 26 @ 12:59]
Customers' info potentially handed to anyone who could send an HTTP request
FBI: 25 ransomware groups used VPN service that was taken offline
[Security.NL maakt Nederland veilig] [22 May 26 @ 12:24]
At least 25 ransomware groups used First VPN, the VPN service that was taken offline in part by the Dutch police ...
Police arrest two for selling phishing panels online
[Security.NL maakt Nederland veilig] [22 May 26 @ 12:07]
Last Monday, police arrested two 23-year-old men from Bergschenhoek on suspicion of the online sale ...
AIPAC, AI, Crypto and Gambling Are Hiding Their Big Election Spends
[The Intercept] [22 May 26 @ 12:00]
Intercept staffers break down the latest election news and the front groups fueling the midterms.
British police call for mandatory age verification on social media
[Security.NL maakt Nederland veilig] [22 May 26 @ 11:51]
Anyone who creates a social media account should be required to verify their age, for example through a check of ...
Trend Micro warns of exploitation of flaw in security platform Apex One
[Security.NL maakt Nederland veilig] [22 May 26 @ 11:26]
Attackers are actively exploiting a path traversal vulnerability in the Apex One security platform, warns ...
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
[Security Affairs] [22 May 26 @ 11:13]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure S...
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
[Securelist - Information about Viruses, Hackers and Spam] [22 May 26 @ 11:12]
The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain pe...
Corporate Interests Paid for Haley Stevens' Trip to Portugal — and Her Campaign Ads
[The Intercept] [22 May 26 @ 11:00]
Center Forward sent Stevens — and her mom — to a banking and crypto conference. Now it's spending millions on ads in Michigan.
Canadian arrested for running botnet of one million IoT devices
[Security.NL maakt Nederland veilig] [22 May 26 @ 10:51]
Canadian authorities have arrested a 23-year-old Canadian man suspected of running a botnet made up of ...
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
[THN : The Hacker News] [22 May 26 @ 10:50]
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tan...
Microsoft publishes script as temporary fix for Windows BitLocker flaw
[Security.NL maakt Nederland veilig] [22 May 26 @ 10:29]
Microsoft has published a script intended to serve as a temporary fix for a vulnerability in Windows ...
New Linux flaw lets local attacker steal SSH keys and run code as root
[Security.NL maakt Nederland veilig] [22 May 26 @ 10:08]
A new Linux vulnerability makes it possible for local attackers to, among other things, steal SSH keys and run code as root ...
Police respond to phishing message and arrest several fraud suspects
[Security.NL maakt Nederland veilig] [22 May 26 @ 09:30]
Police have arrested six people on suspicion of bank helpdesk fraud. They are males between 14 and 23 years old and ...
One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
[Security Affairs] [22 May 26 @ 09:29]
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware f...
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
[THN : The Hacker News] [22 May 26 @ 07:47]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalo...
Cisco used AI to write security incident reports, with mixed results
[The Register - Security] [22 May 26 @ 07:38]
You’ll need a lot of detailed prompts to get solid output - and even then it may have errors and typos
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
[THN : The Hacker News] [22 May 26 @ 07:36]
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 ...
Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
[Trend Micro Simply Security] [22 May 26 @ 02:00]
Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
[The Register - Security] [22 May 26 @ 01:03]
'Budgets are moral documents,' Rep. Delia Ramirez said
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
[Krebs on Security] [21 May 26 @ 23:50]
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for ...
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
[Security Affairs] [21 May 26 @ 22:27]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency...