When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically.…
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Ravie LakshmananMay 21, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS…
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Ravie LakshmananMay 21, 2026Web Security / Vulnerability Drupal has released security updates for a «highly critical» security vulnerability in Drupal Core that could be exploited by attackers to achieve remote…
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Ravie LakshmananMay 21, 2026Supply Chain Attack / Developer Tools GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee…
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Ravie LakshmananMay 20, 2026Artificial Intelligence / Security Testing Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence…
Agent AI is Coming. Are You Ready?
The Hacker NewsMay 20, 2026Identity Security / Enterprise Security New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot…
admin
- Attacks
- MalwareSigning
- mayo 20, 2026
- 0 Comentarios
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of…
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or…
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the…
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Ravie LakshmananMay 20, 2026Vulnerability / Encryption Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked…
