A supply chain attack has compromised 32 Red Hat npm packages, with attackers publishing 96 malicious package versions. These versions contained a credential-stealing worm, reportedly similar to Mini Shai-Hulud.
A supply chain attack has compromised dozens of Red Hat packages via its official NPM channel. Attackers injected malicious code into these packages, which were then distributed to users through the official Red Hat registry.
Dashlane password manager is investigating reports of users being locked out of their accounts due to brute-force attacks. These attacks appear to originate from unknown locations and devices, with attackers attempting multiple login attempts. Dashlane is working to address the issue and has stated that no user data has been compromised.
Oracle has released its first monthly Critical Security Patch Update (CSPU) for May 2026, addressing 35 vulnerabilities, including 11 rated as critical. Among these are several flaws with publicly available exploit code, some of which have been known for a considerable time, highlighting ongoing challenges with patching embedded open-source components.
Microsoft is investigating an ongoing incident that is preventing users of Microsoft Teams and Office for the web from accessing and opening files. The problem appears to stem from failures when retrieving files from SharePoint and OneDrive, and it affects users across various platforms and devices.
Palo Alto Networks is urging users to patch a critical authentication bypass vulnerability in its PAN-OS GlobalProtect VPN, which is being actively exploited in the wild. Adversaries have already launched two waves of attacks leveraging this flaw, highlighting the urgency for defenders to apply the necessary security updates.
Attackers are actively exploiting a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS software. This flaw allows unauthorized access to VPNs, necessitating urgent patching for affected users and organizations.
CISA has added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation, posing significant risks to federal networks. Federal agencies are required to remediate this vulnerability, and CISA strongly encourages all organizations to prioritize its patching.
Microsoft has resolved an issue that was preventing customers from setting up multi-factor authentication (MFA) and accessing the My Sign-Ins service. The outage impacted users globally, causing difficulties in managing security settings. Services have now been restored, allowing normal access and MFA configuration.
Microsoft is experiencing an outage that is preventing customers from setting up multi-factor authentication (MFA) and accessing the My Sign-Ins platform. The company is actively working to resolve the issue.
A 19-year-old Linux kernel vulnerability, known as CIFSwitch, has been disclosed with a proof-of-concept exploit available. This flaw allows low-privileged users to gain root access on affected systems.
Password manager Dashlane has suspended customer accounts due to a surge in brute-force attacks. The company's automated security measures triggered the suspensions to protect user data from unauthorized access.
Microsoft has released a fix for installation problems affecting the May 2026 Windows 11 security update, identified as KB5089549. The update was experiencing installation failures, often accompanied by the error code 0x800f0922, preventing users from successfully applying the security patch.
Russia is reportedly surveying Britain's subsea cables with submarines, prompting the UK to deploy the Royal Navy and mobilize parliamentary draftsmen. Proposed legislation aims to impose fines and prison sentences for reckless damage to critical infrastructure like these cables.
Hackers have been actively exploiting a critical authentication bypass vulnerability, identified as CVE-2026-0257, in Palo Alto Networks' PAN-OS software. The exploitation began just four days after the vulnerability was publicly disclosed.
Oracle WebLogic Server has an unspecified vulnerability allowing unauthenticated network attackers to compromise the server via T3 or IIOP protocols. Successful exploitation can lead to unauthorized access to critical or all accessible data.
Palo Alto Networks has issued a warning that a critical authentication bypass flaw in its GlobalProtect VPN, identified as CVE-2026-0257, is actively being exploited by attackers to compromise corporate networks. The vulnerability allows unauthenticated attackers to bypass authentication and gain access to sensitive systems.
A new Linux kernel vulnerability named CIFSwitch has been discovered, enabling local privilege escalation. Attackers can exploit this flaw to forge CIFS authentication key descriptions and gain root access on affected systems.
Palo Alto Networks has issued a warning that a medium-severity authentication bypass vulnerability in PAN-OS and Prisma Access, tracked as CVE-2026-0257, is currently being actively exploited in the wild. Attackers can exploit this flaw to establish unauthorized VPN connections.
Researchers have identified an exploit chain that leverages over-permissioned cloud roles, secrets discovery, and non-human identities to compromise automation services. This vulnerability chain highlights how seemingly small misconfigurations in complex cloud environments can lead to significant security breaches.
Google has rolled out its Device Bound Session Credentials (DBSC) security feature to all Chrome users. This new feature aims to prevent account takeovers by protecting against session cookie theft, a common method used by attackers.
Communities across the US are protesting the rapid construction of AI data centers, voicing concerns that have escalated from local zoning issues to national political debates. Residents are demanding moratoriums on new data center development as these facilities proliferate.
IBM and Red Hat are launching Project Lightwell, a new initiative backed by a $5 billion investment and 20,000 engineers, to create an 'enterprise clearinghouse' for open source applications. This AI-powered platform aims to accelerate the discovery and remediation of vulnerabilities in open source software, addressing the challenge of rapid patching in enterprise environments.
A critical authentication bypass vulnerability (CVE-2026-0257) has been identified in Palo Alto Networks PAN-OS, allowing unauthorized VPN connections. Federal agencies must apply mitigations by June 1, 2026, or discontinue product use if mitigations are unavailable.
Snowflake has acquired Natoma, a data security startup focused on preventing unauthorized access and data leakage. This acquisition aims to bolster Snowflake's security offerings, particularly in protecting sensitive data from rogue agents and insider threats.
The recent Canvas attack, which targeted unpatched VPNs, highlights the persistent risks associated with legacy systems and the need for robust patch management. Attackers exploited known vulnerabilities to gain initial access, demonstrating that even well-publicized flaws can be leveraged for significant impact.
Microsoft's May security update for Windows Server has introduced a bug that affects the functionality of hostnames exceeding 15 characters. This issue specifically impacts servers using Active Directory, causing problems with secure channel communication and potentially disrupting domain services.
An unpatched zero-day vulnerability in the Gogs self-hosted Git service has been discovered. This flaw allows attackers to achieve remote code execution on exposed instances.
Managed Service Providers (MSPs) often face an overwhelming volume of security alerts, making it difficult to identify genuine threats. Kaseya highlights how Security Information and Event Management (SIEM) solutions can help MSPs cut through this 'noise' by improving visibility, reducing alert fatigue, and enabling faster threat response.
IBM and Red Hat are investing $5 billion in "Project Lightwell" to strengthen the security of open-source software supply chains. This initiative aims to address vulnerabilities without disrupting existing production systems.
CISA has issued an alert for a critical vulnerability (CVE-2026-7786) in Jinan USR IOT Technology Limited's USR-W610 RS232/485 to Wi-Fi/Ethernet Converter. The vulnerability stems from hard-coded administrative credentials embedded in the firmware, which can be exploited for administrator access. The affected product is deployed worldwide, including in critical manufacturing sectors.
CISA has issued an alert regarding a critical vulnerability in KMW CCTV Security Cameras, specifically versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416. The vulnerability, CVE-2026-5386, allows for unauthenticated remote password resets, granting attackers full control over camera feeds and settings. KMW has released a firmware update to address this flaw, along with recommended mitigation steps for network segmentation and regular updates.
The Fourth Frontier Frontier X Mobile Application and Frontier X2 devices have a critical vulnerability (CVE-2026-5768) that allows unauthenticated attackers to read and write arbitrary handle values, change clinical readings, and take control of the device. Successful exploitation could lead to patient harm. Affected versions include the Frontier X Android app earlier than v15.0.0, the Frontier X iOS app earlier than v25.0.0, and all versions of the Frontier X2.
A stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-6824, has been identified in CP Plus 8 Ch. Network Video Recorder devices. Successful exploitation allows attackers to inject malicious scripts that execute in the browser of authenticated users, potentially leading to session hijacking and data theft.
ABB has acknowledged vulnerabilities in specific versions of their Busch-Welcome 2 Wire Door Opener Actuator. An attacker could exploit these vulnerabilities to gain unauthorized physical access to buildings where the product is installed. The primary vulnerability is due to an 'Active Debug Code' that allows for an authentication bypass when compatibility mode is enabled by default.
This CISA alert details multiple critical vulnerabilities in XCharge C6 charging stations, including issues with firmware updates, buffer overflows, and insecure default resource initialization. Successful exploitation could grant an attacker administrator rights or allow code execution on affected devices.
ABB is aware of multiple vulnerabilities in its EIBPORT product versions. A firmware update is available to resolve these issues, which could allow an attacker to access sensitive information and change device configurations.
Schneider Electric has identified a vulnerability in its EcoStruxure Machine Expert HVAC software, specifically in versions prior to 1.10.0. This vulnerability, CVE-2026-6332, allows for the cleartext storage of sensitive information, potentially leading to the disclosure of protected source code and a loss of confidentiality.
CISA has issued an alert regarding multiple vulnerabilities in the MacGregor Voyage Data Recorder (VDR) G4e, specifically related to insecure credential management. Successful exploitation could grant an attacker administrator access to the device.
A critical vulnerability in Gitea, a popular open-source Git service, allowed attackers to access private container images. This exposure could lead to the compromise of source code, credentials, and underlying infrastructure for approximately 30,000 deployments.
Organizations are rapidly deploying AI agents without sufficient oversight, leading to potential negative consequences and a lack of transparency in decision-making processes. Experts warn that a "set it and forget it" approach is dangerous, as many companies lack the ability to audit or centrally control their AI systems.
A recent Okta survey reveals that over half of organizations experienced an AI-related security incident or near miss in the past year. This highlights a significant blind spot for many businesses, with leaders often overestimating their awareness of shadow AI usage by employees.
Specops Software offers strategies for enforcing strong Active Directory password policies without alienating users. These strategies include implementing passphrases, utilizing breached password protection, and enabling self-service password resets.
Lastwall has successfully raised $11.5 million in funding, primarily led by BDC Capital's StrongNorth Fund. This investment is intended to fuel the company's expansion into the North American market with its quantum-resilient identity platform.
A vulnerability in the open-source Gitea platform allows unauthenticated attackers to access private container images. This flaw affects all versions of Gitea before 1.26.2 and could lead to unauthorized exposure of sensitive containerized data.
CISA has issued a directive to U.S. federal agencies, mandating they patch a critical vulnerability in the LiteSpeed cPanel user-end plugin within four days. This vulnerability is currently being actively exploited in the wild, posing an immediate threat to federal systems.
LA Metro has experienced a cyberattack that has been linked to Iranian state-sponsored hackers. Although a hacktivist group claimed responsibility, evidence suggests the involvement of Iranian government threat actors using their infrastructure.
Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2. The update includes 30 changes focused on improving performance and reliability within the operating system.
Data Security Posture Management (DSPM) tools help security teams identify and manage risks associated with sensitive data across cloud and on-premises environments. These tools aim to locate 'shadow data' and complement Cloud Security Posture Management (CSPM) by focusing on data consumption and potential exposure.
CISA is urging immediate patching of a zero-day vulnerability in a LiteSpeed cPanel plugin that has been exploited in the wild. The vulnerability allows for the execution of scripts with root privileges.