Top Stories by Impact

🔐 CISA Alerts Critical

ABB B&R Automation Studio

Yesterday · 12:00 UTC

View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party compone…

Read full article →
🔐 CISA Alerts Critical

Hitachi Energy GMS600

Yesterday · 12:00 UTC

View CSAF Summary Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker succ…

Read full article →
🔐 CISA Alerts Critical

ABB Terra AC Wallbox

Yesterday · 12:00 UTC

View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause…

Read full article →
🏢 Rapid7 Blog Critical

Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

Yesterday · 13:00 UTC

The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectiv…

Read full article →
🏢 Rapid7 Blog Critical

Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

20 May 2026 · 12:15 UTC

Modern attack surfaces don’t sit still.Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibi…

Read full article →
🔐 The Hacker News Critical

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Today · 05:36 UTC

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked a…

Read full article →
🔐 The Hacker News Critical

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Today · 05:47 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabili…

Read full article →
🏢 Rapid7 Blog Critical

Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders

19 May 2026 · 15:22 UTC

Security teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit, the focus w…

Read full article →
🔐

Cybersecurity

CISA Alerts

1

ABB B&R Automation Studio

Critical

Yesterday · 12:00 UTC

View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation…

Read full article →
2

Hitachi Energy GMS600

Critical

Yesterday · 12:00 UTC

View CSAF Summary Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability c…

Read full article →
3

ABB Terra AC Wallbox

Critical

Yesterday · 12:00 UTC

View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which poten…

Read full article →

The Hacker News

1

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Critical

Today · 05:36 UTC

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the…

Read full article →
2

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Critical

Today · 05:47 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of a…

Read full article →
3

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

Today · 08:50 UTC

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka…

Read full article →

BleepingComputer

1

Ubiquiti patches three max severity UniFi OS vulnerabilities

Critical

Today · 12:00 UTC

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in Unify OS that can be exploited by remote attackers without privileges. [...]

Read full article →
2

Google accidentally exposed details of unfixed Chromium flaw

Critical

Yesterday · 18:13 UTC

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. [...]

Read full article →
3

US and Canada arrest and charge suspected Kimwolf botnet admin

Today · 09:01 UTC

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. [...]

Read full article →

Schneier on Security

1

macOS Kernel Memory Corruption Exploit

High

Yesterday · 16:03 UTC

A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article.

Read full article →
2

On AI Security

Medium

20 May 2026 · 14:21 UTC

Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measu…

Read full article →
3

Laurie Anderson Is Quoting Me

19 May 2026 · 11:00 UTC

Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and y…

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

CyberScoop

1

Trump postpones executive order focused on AI security

High

Yesterday · 18:37 UTC

Under a draft executive order, the NSA, Treasury Department and other federal agencies would get 90-days to test new models for cybersecurity and national security concerns. The post Trump postpones executive order focus…

Read full article →
2

Lawmakers from both parties say CISA cuts have gone too far

Medium

Yesterday · 20:02 UTC

Reps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing…

Read full article →
3

Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada

Yesterday · 23:24 UTC

Jacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison. The post Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada appeared f…

Read full article →

Infosecurity Magazine

1

Cybercriminal VPN Dismantled in Europol Crackdown

Medium

Yesterday · 15:30 UTC

First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol

Read full article →
2

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

Today · 11:30 UTC

The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets

Read full article →
3

Apple Blocked $2.2bn in App Store Fraud in the Last Year

Today · 10:30 UTC

Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn

Read full article →

Krebs on Security

1

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Medium

Yesterday · 21:50 UTC

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of mass…

Read full article →

Dark Reading

1

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

Today · 07:01 UTC

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.

Read full article →
2

Google API Keys Remain Active After Deletion

Yesterday · 20:07 UTC

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is immediate.

Read full article →
3

How CISOs Should Prep for Agentic-Ready AI BOMs

Yesterday · 21:11 UTC

Finding ways to document both component and execution attributes for AI bill of materials (AI BOM).

Read full article →

SANS Internet Storm Center

1

Selective HTTP Proxying in Linux, (Thu, May 21st)

Yesterday · 13:34 UTC

Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a…

Read full article →
2

Cross-Platform NPM Stealer, (Fri, May 22nd)

Today · 06:14 UTC

I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300aa5dd774d6c984779a05…

Read full article →
3

ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)

Today · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →

Cybercrime Magazine

1

VIDEO: 2026 CISO Report On How MSSPs Are Filling The CISO Gap For Underserved SMBs

20 May 2026 · 13:46 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 20, 2026 –Watch the YouTube video Cybersecurity Ventures estimates that there are around 35,000 chief information security offic…

Read full article →
2

Young Girls Are The Future Of Cybersecurity

19 May 2026 · 12:39 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 19, 2026 –Watch the YouTube video Betta Lyon Delsordo told Cybercrime Magazine that her journey into ethical hacking began at 13…

Read full article →

Ars Technica

1

Rocket Report: Starship launch delayed, German launch company may aid Canada

Today · 11:20 UTC

All eyes on South Texas for the latest Starship test flight.

Read full article →
2

First vaccines, now mammograms? RFK Jr.’s latest firings have doctors outraged.

Today · 11:30 UTC

Doctors are angry and alarmed that preventive care could go the way of vaccines.

Read full article →
3

The $58,000 TV bill: When DirecTV sued O.J. Simpson for piracy

Today · 11:00 UTC

In 2001, the FBI raided O.J.'s house and found smartcards, bootloaders.

Read full article →
🤖

AI & Technology

VentureBeat AI

1

Google just redesigned the search box for the first time in 25 years — here’s why it matters more than you think.

High

19 May 2026 · 17:45 UTC

For a quarter century, the Google search box has been one of the most recognizable interfaces in computing: a thin white rectangle, a blinking cursor, a few typed words, and a list of blue links. On Tuesday, Google will…

Read full article →

NVIDIA AI Blog

1

NVIDIA GTC Taipei at COMPUTEX: Live Updates on What’s Next in AI

Medium

Yesterday · 16:00 UTC

At NVIDIA GTC Taipei at COMPUTEX, the world’s developers, researchers and industry leaders are converging to dive into the latest breakthroughs shaping every industry, covering topics spanning AI factories and scaling in…

Read full article →
2

License to Stream: ‘007 First Light’ Coming to GeForce NOW With an Ultimate Bundle

Yesterday · 13:00 UTC

The mission begins now. GeForce NOW is dialing up the action with a blockbuster mix of spy thrills, high-speed racing and member rewards — plus eight new games joining the cloud this week, all ready to stream instantly.…

Read full article →
3

NVIDIA and Google Cloud Empower the Next Wave of AI Builders

19 May 2026 · 20:30 UTC

At this year’s Google I/O conference, NVIDIA and Google Cloud are accelerating the work of more than 100,000 developers in the companies’ joint developer community, which provides curated learning paths, hands-on labs an…

Read full article →

MIT Technology Review AI

1

Scaling creativity in the age of AI

Yesterday · 19:16 UTC

Storytelling is core to humanity’s DNA, stemming from our impulse to express ideals, warnings, hopes, and experiences. Technology has always been woven through the medium and the distribution: from early humans’ innovati…

Read full article →
2

Roundtables: Can AI Learn to Understand the World?

Yesterday · 20:41 UTC

Listen to the session or watch below AI companies want to build systems that understand the external world and overcome the limitations of LLMs. Recent developments have brought world models to the forefront of the AI di…

Read full article →
3

Google I/O showed how the path for AI-driven science is shifting

Today · 10:00 UTC

During Tuesday’s Google I/O keynote, Demis Hassabis, the CEO of Google DeepMind, proclaimed that we are currently “standing in the foothills of the singularity.” It was a striking statement—the singularity is the theoret…

Read full article →

The Verge

1

Microsoft is letting Office users remove an annoying Copilot button

Today · 09:52 UTC

Microsoft is rolling out Office app updates next week that allow users to disable a floating Copilot button. The button appeared in Word, Excel, and PowerPoint in recent weeks, and floats above the bottom right-hand sect…

Read full article →
2

Samsung’s memory chip employees negotiated $340,000 bonuses this year

Today · 11:05 UTC

Details have emerged about a tentative deal struck between Samsung and semiconductor employees who had threatened to strike. The deal reportedly makes some workers eligible for average annual bonuses of $340,000. The pro…

Read full article →
3

Microsoft’s consumer marketing chief to leave next year

Today · 10:57 UTC

Yusuf Mehdi, executive vice president and consumer chief marketing officer at Microsoft, is leaving the company after 35 years. Mehdi announced his departure in an internal memo on Thursday, noting that he will leave Mic…

Read full article →

AI News

1

OpenAI opens Singapore AI lab as IMDA updates AI framework

Today · 10:00 UTC

OpenAI will open its first Applied AI Lab outside the US in Singapore. The lab is part of a new partnership with the Ministry of Digital Development and Information. The initiative, called OpenAI for Singapore, was annou…

Read full article →
2

China’s AI just mapped its entire renewable energy grid. Here’s why the rest of the world should pay attention

Today · 10:00 UTC

Every major economy is staring at the same problem right now. Artificial intelligence is consuming electricity at a pace that grids were never designed to handle. In the US, capacity market prices in PJM, the country’s l…

Read full article →
3

Musk and Zuckerberg convinced Trump to scrap AI executive order

Today · 09:00 UTC

The ceremony was scheduled. The CEOs were on the guest list. And then it wasn’t happening. On Thursday, US President Donald Trump scrapped a planned AI executive order, which had already been delayed multiple times, citi…

Read full article →

The Guardian Technology

1

Mars colony and Grok warnings: five strange details in SpaceX’s pitch to investors

Today · 09:00 UTC

IPO filing from Elon Musk’s company reveals closer look at finances, cosmic ambitions and tech empire’s quirksSpaceX publicly released an investor prospectus on Wednesday as part of its plan for a $1.75tn debut on the US…

Read full article →
2

Nvidia’s revenue blows past Wall Street expectations as AI boom accelerates

20 May 2026 · 22:45 UTC

Many analysts view company’s financial performance as a broader referendum on AI buildoutNvidia continued its years-long streak of beating Wall Street’s expectations for growth on Wednesday, reassuring most investors tha…

Read full article →
3

Spotify and Universal Music agree deal to let subscribers create AI remixes

Yesterday · 20:24 UTC

Licensing agreement will allow listeners to use AI to create content on streaming platform for first timeSpotify and Universal Music Group have agreed on a deal that will allow subscribers to generate song covers and rem…

Read full article →

ABC Technology (AU)

1

Premier's fracking warning over possible gas shortfall sparks outrage

Today · 02:42 UTC

Roger Cook raises the prospect of gas fracking in WA's Kimberley region, warning the state could face future energy shortfalls if Woodside Energy's massive Browse project does not proceed.

Read full article →
2

Pacific leaders warned of 'prolonged' fuel crisis as new plan endorsed

Today · 08:52 UTC

A taskforce will see leaders get a better idea of threats to energy deliveries, while Australia and New Zealand provide expert analysis on future supply.

Read full article →
3

Rex Airlines announces service cuts in Victoria and Tasmania

Today · 06:56 UTC

The embattled carrier has announced it is ceasing some services and reducing others.

Read full article →

TechCrunch AI

1

Trump delays AI security executive order, saying language ‘could have been a blocker’

Yesterday · 17:30 UTC

President Trump delayed signing an executive order that would have required pre-release government security reviews of AI models, citing dissatisfaction with the order's language.

Read full article →
2

Spotify and Universal Music strike deal allowing fan-made AI covers and remixes

Yesterday · 19:45 UTC

Spotify is partnering with Universal Music Group to let Premium subscribers create AI-generated song covers and remixes, with participating artists receiving a share of the revenue.

Read full article →
3

Six search engines worth trying now that Google isn’t really Google anymore

Yesterday · 19:19 UTC

Google is about to look really different, and if you're not a fan of the AI overview feature, then you're not going to like what's coming.

Read full article →

Wired AI

1

The Gulf’s AI Boom Has an Undersea Cable Problem

Today · 09:00 UTC

Hyperscalers are pushing the Gulf to rethink internet infrastructure as AI raises the stakes of cable disruptions.

Read full article →
2

Can OpenAI’s ‘Master of Disaster’ Fix AI’s Reputation Crisis?

Today · 00:04 UTC

Global affairs chief Chris Lehane wants to tone down the debate over AI’s societal impacts—and get states to pass laws that won’t derail OpenAI’s meteoric rise.

Read full article →
3

Meta Is in Crisis, Google Search’s Makeover, and AI Gets Booed by Graduates

Yesterday · 20:44 UTC

In this episode of Uncanny Valley, we unpack the mass layoffs at Meta, big announcements at Google I/O, and the latest backlash against AI.

Read full article →

Ars Technica AI

1

As Grok flounders, SpaceX bets future on beating Big Tech at AI

Yesterday · 21:51 UTC

SpaceX IPO filing pitches orbital data centers as Grok lags rival AI services.

Read full article →
2

Buckle up: Google is set to remake search with agentic AI in 2026

20 May 2026 · 17:31 UTC

Google's AI search evolution is accelerating at I/O 2026.

Read full article →
3

The Internet can't stop watching Figure AI's humanoid robots handling packages

20 May 2026 · 11:00 UTC

Figure AI's 24/7 livestream showcases human soft spot for humanoid robots.

Read full article →

Google DeepMind

1

We’re launching the Google DeepMind Accelerator program in Asia Pacific to tackle environmental risks

Yesterday · 19:46 UTC

Read full article →

ITNews Australia

1

CBA looks to AI for workforce planning

Yesterday · 20:45 UTC

Automated continuous follow-up coming into view.

Read full article →
2

PsiQuantum to build computer at Moreton Bay

Yesterday · 20:42 UTC

Instead of near Brisbane Airport.

Read full article →
3

US to invest in IBM, other quantum computing firms

Yesterday · 20:15 UTC

Looks for leadership in the emerging technology.

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

Critical

Yesterday · 13:00 UTC

The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensio…

Read full article →
2

Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

Critical

20 May 2026 · 12:15 UTC

Modern attack surfaces don’t sit still.Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but ac…

Read full article →
3

Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders

Critical

19 May 2026 · 15:22 UTC

Security teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit, the focus was not just on how the threat landscape…

Read full article →

Palo Alto Unit 42

1

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)

Critical

Yesterday · 15:30 UTC

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)…

Read full article →
2

Paved With Intent: ROADtools and Nation-State Tactics in the Cloud

Today · 10:00 UTC

Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation-State Tactics in the Cloud appeared first…

Read full article →
3

Tracking TamperedChef Clusters via Certificate and Code Reuse

20 May 2026 · 10:00 UTC

Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appear…

Read full article →

StepSecurity

1

5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough

Critical

Yesterday · 07:23 UTC

A poisoned VS Code extension breached GitHub. A trojanized PyPI package hit Microsoft. Compromised GitHub Actions and a self-spreading npm worm targeted thousands more. In just 48 hours, attackers hit every layer of the…

Read full article →
2

Nx Console VS Code Extension Compromised

Today · 05:40 UTC

Nx Console VS Code Extension Compromised

Read full article →
3

Dev Machine Guard Now Scans Extensions Across Every Modern IDE

Yesterday · 14:20 UTC

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat det…

Read full article →

Microsoft Threat Intel

1

Exposing Fox Tempest: A malware-signing service operation

Critical

19 May 2026 · 15:07 UTC

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code…

Read full article →

Kaspersky Securelist

1

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Critical

20 May 2026 · 09:02 UTC

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Read full article →
2

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

Today · 09:12 UTC

Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.

Read full article →

AWS Security

1

Automating identity lifecycle and security with AWS Directory Service APIs

High

Yesterday · 16:00 UTC

Managing identities and access across complex environments has become more critical than ever. AWS Directory Service for Managed Microsoft Active Directory, also known as AWS Managed Microsoft AD, has added new capabilit…

Read full article →
2

AWS KY3P report now available for third-party supplier due diligence

Yesterday · 19:58 UTC

We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the hei…

Read full article →
3

Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows

20 May 2026 · 20:56 UTC

Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its deci…

Read full article →

Microsoft Security

1

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

High

20 May 2026 · 17:48 UTC

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kuber…

Read full article →
2

What’s new in Microsoft Security: May 2026

Medium

Yesterday · 16:00 UTC

Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. The post What’s new in Microsoft Security: May 2026 appeared first on Mi…

Read full article →
3

Securing the gaming culture of cultures

20 May 2026 · 16:00 UTC

Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog.

Read full article →

Cisco Talos

1

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

High

19 May 2026 · 15:39 UTC

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.The vulnerabilities mentioned in this blog…

Read full article →
2

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

19 May 2026 · 10:00 UTC

Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under…

Read full article →
3

The art of being ungovernable

Yesterday · 18:00 UTC

In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can le…

Read full article →

Proofpoint Threat Insight

1

Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude

Yesterday · 16:34 UTC

Read full article →

CrowdStrike Blog

1

New Claude Integration Brings Audit Data into the Falcon Platform

Yesterday · 05:00 UTC

Read full article →
2

How to Protect Identities and Sessions from Infostealers

20 May 2026 · 05:00 UTC

Read full article →

OpenAI News

1

AdventHealth advances whole-person care with OpenAI

Yesterday · 12:00 UTC

AdventHealth is using ChatGPT for Healthcare to streamline workflows, reduce administrative burden, and return more time to patient care.

Read full article →
2

How Ramp engineers accelerate code review with Codex

20 May 2026 · 00:00 UTC

How Ramp engineers use Codex with GPT-5.5 to review code and ship improvements, allowing them to get substantive feedback in minutes instead of hours.

Read full article →
3

The next phase of OpenAI’s Education for Countries

20 May 2026 · 00:00 UTC

OpenAI advances Education for Countries, expanding AI adoption in schools with new partnerships, teacher training, and tools to improve global learning outcomes.

Read full article →

GitHub Security Blog

1

Investigating unauthorized access to GitHub-owned repositories

20 May 2026 · 21:07 UTC

If any impact is discovered, customers will be notified via established incident response and notification channels. The post Investigating unauthorized access to GitHub-owned repositories appeared first on The GitHub Bl…

Read full article →