Microsoft has reversed its position on Edge’s password handling after initially defending the practice as intentional design. This article has been indexed from CyberMaterial. Read the original article: Microsoft Edge fixes plaintext password storage
Grafana Labs GitHub breach – code downloaded
Grafana Labs confirmed Sunday that attackers gained unauthorized access to its GitHub environment and successfully downloaded the company’s codebase. This article has been indexed from CyberMaterial. Read the original article: Grafana Labs GitHub breach – code downloaded
Linus Torvalds: AI Bug Reports Overwhelm Linux Security List
The Linux kernel project is implementing stricter rules for AI-assisted bug reports after project leader Linus Torvalds warned that automated security submissions have made the kernel security mailing list almost unmanageable. This article has been indexed from CyberMaterial. Read the…
How a government contest launched a revolution in AI-based bug hunting
Security researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: How a government contest launched…
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More. Read the original article: The Gentlemen…
Critical NGINX Vulnerability Lets Hackers Launch Remote Code Execution Attacks
A newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or execute…
Zero-Day Exploit Against Windows BitLocker
It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption…
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
Four malicious npm packages are capable of stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, while one variant quietly transforms infected machines into a DDoS botnet. The campaign appears to be the work of a single threat actor deploying…
Linus Torvalds Says AI Bug Reports Have Made Linux Security Mailing List Unmanageable
Linus Torvalds has warned that a “continued flood” of AI‑generated bug reports is making the Linux security mailing list “almost entirely unmanageable.” The project is now tightening rules on how AI‑found issues should be reported and handled. In the Linux 7.1‑rc4…
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data. The post 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the…
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a phishing email carrying a…
Microsoft is changing Edge’s plaintext password behavior
Saved passwords in Microsoft Edge will no longer sit in plaintext memory for the entire browser session after a researcher raised concerns. This article has been indexed from Malwarebytes. Read the original article: Microsoft is changing Edge’s plaintext password behavior
F-35 software delays leave UK buying time with US glide bombs
MoD says StormBreaker will plug gap until homegrown SPEAR 3 integration lands. This article has been indexed from www.theregister.com – Articles. Read the original article: F-35 software delays leave UK buying time with US glide bombs
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the…
NCSC Publishes Guidance on Securing Agentic AI Use
The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks. This article has been indexed from www.infosecurity-magazine.com. Read the original article: NCSC Publishes Guidance on Securing Agentic AI Use
IT Security News Hourly Summary 2026-05-18 12h : 10 posts
10 posts were published in the last hour 10:3 : An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings 10:2 : Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess 10:2 : First Shai-Hulud…
An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings
David Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams. This article has been indexed from Security Latest. Read the original article: An…
Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
Firefox maker says the tools are basic security infrastructure, not teenage contraband. This article has been indexed from www.theregister.com – Articles. Read the original article: Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
First Shai-Hulud Worm Clones Emerge
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922
Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922. The problem is affecting systems running Windows 11 versions 24H2 and 25H2, raising concerns among enterprise…
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files
A sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual machine (IP:…
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma,…
Microsoft discloses Exchange zero-day with no patch yet available
Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server. Although Microsoft has not issued any patches for this security vulnerability, they…