Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date This article has been indexed from www.infosecurity-magazine.com Read the original article: Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
7-Eleven hit by data breach
The retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: 7-Eleven hit by data…
On AI Security
Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities…
Critical flaw in software powering a third of the internet is already being exploited – free checker now available
A critical security vulnerability in NGINX, the web server software underpinning more than 30% of all websites globally, has been confirmed as actively exploited in the wild, less than a week after its public disclosure. The flaw, tracked as CVE-2026-42945…
NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Hugging Face…
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top…
Cyber Briefing: 2026.05.20
Emerging malware and zero-day exploits are aggressively targeting developer environments and enterprise HR systems, while identity-based breaches have become the dominant operational risk… This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.05.20
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthorized access to its…
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context. The post 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking…
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows to read…
Taking care of business: The CISO’s role in a cyber crisis
<p>The role of the chief information security officer is pivotal — and constantly evolving. Today’s CISOs are responsible for all aspects of cybersecurity planning, prevention and management, and must also be attuned to the needs of the business.</p> <p>Increasingly, the…
GitHub says hackers stole data from thousands of internal repositories
The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft. This article has been indexed from Security News | TechCrunch Read the original article: GitHub says hackers stole data…
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card…
Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the…
Agent AI is Coming. Are You Ready?
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57%…
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in…
IT Security News Hourly Summary 2026-05-20 15h : 13 posts
13 posts were published in the last hour 13:5 : Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources 13:4 : Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware 13:4 : Microsoft Python Client DurableTask…
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Verizon DBIR:…
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward stealth, modularity, and anti-analysis…
Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware
Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, short for Microsoft HTML Application Host, a built-in Windows utility that can…
Microsoft Python Client DurableTask Compromised by TeamPCP Hackers
Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for…
Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor
A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The…
Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypass appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…