Human IT managers thought they were being nice to the boss, but were assisting a threat actor This article has been indexed from www.theregister.com – Articles Read the original article: To gain root access at this company, all an intruder…
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score:…
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of…
Gentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial Access
The Gentlemen ransomware-as-a-service (RaaS) operation is turning exposed Fortinet and Cisco edge devices into a fast lane into enterprise networks and doing it at scale. What began as a rising RaaS brand in mid‑2025 has, by early 2026, evolved into…
AI models are getting better at replacing cybersecurity pros on certain tasks
UK researchers find LLMs are learning to finish jobs faster and improving all the time This article has been indexed from www.theregister.com – Articles Read the original article: AI models are getting better at replacing cybersecurity pros on certain tasks
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector…
PoC Exploit Released for Fragnesia Linux Flaw Enabling Root Access
A newly discovered Linux local privilege escalation vulnerability, dubbed “Fragnesia,” is sending shockwaves through the cybersecurity community. This critical flaw grants attackers immediate root access to compromised systems. A Proof of Concept (PoC) exploit is already available online, escalating the…
Foxconn Hit by Cyberattack, Nitrogen Ransomware Gang Claims Involvement
In a massive blow to the global electronics supply chain, manufacturing giant Foxconn has confirmed a major cyberattack on its North American operations. The notorious Nitrogen ransomware gang has claimed responsibility, boasting that it stole a staggering 8 terabytes of…
Abrigo – 711,099 breached accounts
In April 2026, the fintech software company Abrigo was targeted in a “pay or leak” extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company’s Salesforce instance was published publicly and contained over 700k unique email…
Closing the AI governance gap in your enterprise
In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI…
Windows BitLocker 0-Day Vulnerability Exposes Encrypted Drives to Unauthorized Access
A newly disclosed Windows zero-day, YellowKey, is attracting significant attention because it can bypass BitLocker protection and expose data on encrypted drives without requiring the victim’s recovery key in the public attack scenario described by researchers and media reports. The…
Seedworm APT Abuses Signed Binaries for DLL Sideloading
Seedworm also known as MuddyWater, Temp Zagros, and Static Kitten is widely attributed to Iran’s Ministry of Intelligence and Security (MOIS). An Iran-linked cyber-espionage group has launched a stealthy global campaign, abusing trusted software to infiltrate high-value targets quietly. The…
Windows BitLocker 0-Day Vulnerability Enables Access to Encrypted Drives
Two new unpatched Windows BitLocker zero-day vulnerabilities significantly compromise Microsoft’s ecosystem. The exploits include a critical BitLocker encryption bypass called YellowKey and a privilege escalation flaw named GreenPlasma. The most critical of these flaws, dubbed “YellowKey,” enables a total bypass…
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity…
ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, May 14th, 2026…
Machine identities outnumber humans 109 to 1
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to…
IT Security News Hourly Summary 2026-05-14 06h : 2 posts
2 posts were published in the last hour 4:4 : Maryland’s New Grocery Pricing Rules Leave Critics Unconvinced 4:4 : Automated OAuth Abuse by ConsentFix v3 Raises Azure Security Concerns
Cisco to fire 4,000 staff and generously give them free training – on Cisco
Reducing memory requirements to control costs in a new wave of kit This article has been indexed from www.theregister.com – Articles Read the original article: Cisco to fire 4,000 staff and generously give them free training – on Cisco
Maryland’s New Grocery Pricing Rules Leave Critics Unconvinced
Despite the increasing acceptance of algorithmic pricing systems in today’s retail ecosystem, Maryland has taken action to establish the first statewide legal ban on grocery pricing that incorporates consumer surveillance data. Upon signing House Bill 895 into law on…
Automated OAuth Abuse by ConsentFix v3 Raises Azure Security Concerns
Researchers discovered that a newly identified phishing framework called ConsentFix v3 is having a direct impact on identity-based attacks in cloud environments after finding its ability to systematically compromise Microsoft Azure accounts using automated OAuth abuse. The latest iteration…
IT Security News Hourly Summary 2026-05-14 03h : 2 posts
2 posts were published in the last hour 1:2 : TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack 0:32 : Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale. This article…
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
Palo Alto Networks found and fixed 75 flaws this month, up from its usual five This article has been indexed from www.theregister.com – Articles Read the original article: Welcome to the vulnpocalypse, as vendors use AI to find bugs and…