Archive
Browse the full DeafNews article archive in chronological order.
Articles
- First VPN Seized: 'No-Log' Service Revealed as Law Enforcement Trap for Cybercriminals
Europol and Dutch police have dismantled First VPN, a specialized infrastructure hub for ransomware and data theft. The operation seized 33 servers across 27 countries, exposing 5…
- Chrome Internal Bug Reports Surge to 200+ as Google Leans on AI
Google addressed more than 200 internally discovered vulnerabilities in Chrome between March and May 2026. The spike aligns with the company's aggressive adoption of AI-driven sec…
- Drupal Fixes 'Highly Critical' SQL Injection Vulnerability Impacting PostgreSQL
Drupal has released urgent security patches for CVE-2026-9082, an unauthenticated SQL injection flaw. The vulnerability specifically targets sites using PostgreSQL backends, inclu…
- Microsoft Defender Zero-Days Under Active Attack; CISA Mandates Patching by June 3
Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited in the wild. CISA has added both flaws to its Known Exploited Vulnerabilities (…
- CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation
Qualys researchers have disclosed CVE-2026-46333, a Linux kernel vulnerability dormant since 2016 that enables local privilege escalation to root on major distributions like Debia…
- GitHub: 3,800 Internal Repos Exfiltrated via Trojanized VS Code Extension
GitHub has confirmed the theft of approximately 3,800 internal repositories after an employee installed a trojanized version of the Nx Console VS Code extension, highlighting a sy…
- Ransomware 2026: Extortion Tactics Pivot Beyond File Encryption
Kaspersky’s May 12, 2026 report reveals a fundamental shift in the threat landscape: as encryption loses its leverage, attackers are prioritizing data exfiltration, systemic EDR n…
- CVE-2025-68670: Pre-auth RCE Vulnerability Identified in xrdp Server Domain Field
A technical breakdown of CVE-2025-68670: A stack buffer overflow within xrdp's domain name processing logic enables unauthenticated remote code execution.
- Mirai Variant Targets EOL TP-Link Routers via Flawed Exploit for Valid Vulnerability
Unit 42 has identified active exploitation attempts targeting CVE-2023-33538 on end-of-life TP-Link routers. While current in-the-wild exploit code is technically flawed, analysis…
- Frontier AI: The Shift from Coding Assistant to Autonomous Threat Agent
Research from Unit 42 reveals that frontier AI models now possess the autonomous reasoning capabilities of full-spectrum security researchers, positioning open-source software as…
- Microsoft Open-Sources RAMPART and Clarity to Secure AI Agent Workflows
Microsoft has unveiled two open-source security tools for AI agents: RAMPART, a Pytest-native framework for build-time testing, and Clarity, a pre-code architectural threat modeli…
- Trust3 AI Launches MCP Security: A Hardened Control Plane or Just Another Promise?
Trust3 AI has announced MCP Security to protect enterprise agentic workloads, focusing on connection verification, isolated tokens, and immutable logging in response to an expandi…
- AI-Driven Mobile Attacks Hit New Record: Apps Compromised Within Two Hours of Release
The Digital.ai 2026 App Security Threat Report reveals that 87% of client-facing applications are now under systematic attack, with the critical exposure window shrinking to just…
- 1Password and OpenAI Partner to Provide Just-in-Time Credentials for AI Agents
1Password integrates its Environments MCP Server into OpenAI's Codex, enabling just-in-time credentialing for AI coding agents to prevent secret leakage in prompts and codebases.
- CISA Faces Congressional Scrutiny After Months-Long AWS GovCloud Credential Leak on GitHub
Senator Maggie Hassan has demanded a classified briefing from CISA following the discovery of a public GitHub repository that exposed high-privilege AWS keys, plaintext passwords,…
- Italian Revenue Agency Phishing: Cloned SPID Portal Uses Pre-filled Emails to Target Public Sector
CERT-AGID has identified a targeted phishing campaign against the Italian Revenue Agency (Agenzia delle Entrate) featuring cloned SPID login portals and pre-filled victim emails t…
- ExifTool RCE: Kaspersky GReAT Uncovers macOS Command Injection via Metadata
CVE-2026-3102 impacts ExifTool versions 13.49 and earlier on macOS. The vulnerability allows for command injection within the SetMacOSTags function when using -tagsFromFile with t…
- GitHub Breach: 3,800 Internal Repositories Stolen via Malicious VS Code Extension
GitHub has confirmed a security breach affecting approximately 3,800 internal repositories after an employee device was compromised by a 'poisoned' Visual Studio Code extension.
- AI-Powered Honeypots: Cisco Talos Flips the Script on Automated Threats
On April 29, Cisco Talos Intelligence researchers released a proof-of-concept aimed at neutralizing offensive asymmetry in cyberspace. By using generative models to deploy adaptiv…
- AI Agents in Production: Addressing the Confused-Deputy Threat in Operational Automation
New research identifies a critical architectural gap in operational AI agents where a lack of separation between reasoning and execution exposes production infrastructure to 'conf…
- Grafana Labs Breach: Forgotten Workflow Token Exposes Internal Repositories
Grafana Labs has disclosed a security breach involving its GitHub repositories after an overlooked CI/CD token—missed during an emergency rotation following the TanStack supply ch…
- GitHub Investigates Alleged Exfiltration of 4,000 Internal Repositories by TeamPCP
GitHub is investigating claims from the threat group TeamPCP, which alleges to have exfiltrated nearly 4,000 internal repositories and listed the source code for sale for $50,000.…
- AI Productivity Facade: 18 Malicious Extensions Discovered with RAT and MitM Capabilities
Palo Alto Networks’ Unit 42 has identified 18 high-risk AI browser extensions that surveil emails, steal prompts, and compromise user sessions through RAT and MitM techniques usin…
- Zealot: How Autonomous AI Orchestrates Multi-Stage Cloud Compromise
Palo Alto Networks’ Unit 42 has demonstrated Zealot, a multi-agent PoC capable of executing end-to-end cloud attack chains without human intervention, effectively weaponizing exis…
- BitLocker Bypassed: New Zero-Day Trio Targets Windows Following Patch Tuesday
An analysis of the YellowKey, GreenPlasma, and MiniPlasma vulnerabilities disclosed shortly after the May 2026 Patch Tuesday, impacting BitLocker encryption and critical system dr…
- Microsoft Neutralizes Fox Tempest: Malware-Signing-as-a-Service Operation Dismantled
Microsoft has disrupted Fox Tempest, a sophisticated 'Malware-Signing-as-a-Service' operation that leveraged stolen identities to exploit the Artifact Signing platform and issue f…
- Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credentials as Patching Cycles Falter
The 2026 Verizon DBIR marks a structural shift in the threat landscape: vulnerability exploitation (31%) has surpassed credential abuse (13%) as the primary breach vector, while t…
- Critical RCE in ChromaDB: 73% of Exposed Servers Vulnerable to CVE-2026-45829
A maximum-severity vulnerability in ChromaDB’s Python FastAPI server allows unauthenticated remote code execution. The flaw, which stems from an architectural error that loads mod…
- 7-Eleven Confirms Data Breach After ShinyHunters Leaks 9.4GB of Files
7-Eleven has officially confirmed a cyberattack originating in April 2026. Following a failed ransom negotiation with the ShinyHunters extortion group, 9.4GB of sensitive data was…
- Drupal to Release ‘Highly Critical’ Core Patch on May 20; Exploit Expected Within Hours
Drupal administrators are on high alert as the Security Team prepares a coordinated release for a major core vulnerability, warning that functional exploits could emerge almost im…
- Microsoft Dismantles Fox Tempest: The Takedown of a Global Malware-Signing Syndicate
Microsoft’s Digital Crimes Unit has seized the infrastructure of Fox Tempest, a major 'malware-signing-as-a-service' provider that enabled ransomware groups to bypass security def…
- SEPPMail Security Crisis: Seven Critical Flaws Grant Full Access to Corporate Email
A cluster of seven vulnerabilities in the SEPPMail Secure E-Mail Gateway, including flaws with CVSS scores up to 10.0, enables unauthenticated RCE and complete interception of cor…
- CVE-2026-8153: Universal Robots Cobots Vulnerable to Unauthenticated RCE
An OS command injection vulnerability in the PolyScope 5 Dashboard Server enables unauthenticated remote code execution on Universal Robots industrial cobot controllers, carrying…
- NGINX Rift Under Active Exploitation: A Technical Analysis of CVE-2026-42945
A 16-year-old vulnerability in the NGINX rewrite module, dubbed NGINX Rift (CVE-2026-42945), is currently being exploited in the wild. The heap buffer overflow exposes millions of…
- 15 Instagram Posts and One Cent: The New Price of Convincing Spear-Phishing
Research from UT Arlington and LSU demonstrates how 10-15 public Instagram posts and less than a penny can generate personalized phishing emails that are frequently judged less su…
- Linux Kernel Page Cache Vulnerabilities: CopyFail, Fragnesia, and DirtyDecrypt LPE Risks
An analysis of the CopyFail (CVE-2026-31431), Fragnesia, and DirtyDecrypt vulnerabilities within the Linux kernel, including exploitation mechanisms and mitigation strategies.
- 18-Year-Old NGINX Bug CVE-2026-42945 Under Active Attack
Exploitation attempts are underway for CVE-2026-42945, an 18-year-old heap buffer overflow in the NGINX rewrite module. The flaw enables conditional RCE, and security patches are…
- NGINX Rift: Active Exploitation of CVE-2026-42945 Detected In the Wild
In-the-wild attacks targeting CVE-2026-42945 (NGINX Rift) began on May 16, 2026. Security researchers analyze the critical heap buffer overflow vulnerability and the necessary mit…
- Ollama Vulnerability: CVE-2026-7482 Risks Memory Exposure for 300,000 AI Servers
A critical heap out-of-bounds read vulnerability in Ollama (CVE-2026-7482) allows for memory leakage via GGUF files, putting API keys and private conversations at risk.
- May Patch Tuesday: A Rare Zero-Day Break Amid Record AI Discovery Volumes
Microsoft’s May 2026 update ends a two-year streak of active zero-days, patching approximately 137 vulnerabilities. However, the integration of AI-driven discovery tools like MDAS…
- Active Exchange Zero-Day: Unpatched OWA Vulnerability Under Exploitation
Microsoft has confirmed CVE-2026-42897, a zero-day XSS vulnerability in on-premise Exchange servers currently under active attack. With no permanent fix available, CISA has mandat…
- CISA Contractor Exposed AWS GovCloud Credentials and Plaintext Passwords on GitHub for Months
A federal contractor at Nightwing exposed administrative AWS GovCloud credentials and internal passwords in plaintext on GitHub for over six months, highlighting a significant gov…
- CERT-AGID: Italian Cyberattacks Surge 13% as PagoPA and INPS Face Targeted Campaigns
CERT-AGID identified 131 malicious campaigns in Italy between May 9 and 15, 2026. The activity involved 1,382 indicators of compromise, featuring PagoPA phishing and INPS-themed s…
- Ollama Flaws Expose Local LLM Memory and Enable Windows Malware Persistence
Three critical CVEs in Ollama allow unauthenticated remote attackers to leak LLM process memory via crafted GGUF files and achieve persistence on Windows systems through updater v…
- CVE-2026-42945: Active Exploitation of NGINX Servers Underway
CVE-2026-42945 is being actively exploited in the wild, targeting NGINX rewrite modules to trigger immediate DoS or conditional RCE. Critical patches and configuration mitigations…
- ShinyHunters: A Serial Extortion Campaign Targets Enterprise SaaS (May 2026)
Between May 7 and May 18, 2026, ShinyHunters targeted Canvas, 7-Eleven, and Grafana in a high-profile data extortion spree. While Instructure paid to secure its data, the campaign…
- Grafana Refuses Ransom Following GitHub Token Theft and Codebase Breach
Grafana Labs has confirmed that a stolen GitHub access token allowed attackers to exfiltrate its source code. Despite extortion attempts by the CoinbaseCartel group, the company r…
- NGINX Rift: Critical CVE-2026-42945 Exploitation Detected In-the-Wild
The NGINX Rift vulnerability (CVE-2026-42945) has seen active exploitation since May 16, leveraging a long-dormant heap buffer overflow for DoS and potential RCE. Immediate remedi…
- Safari Regex Engine Vulnerability Allows Remote Code Execution via Duplicate Named Groups
Apple has patched a high-severity (CVSS 8.8) remote code execution vulnerability in Safari. The flaw involves a heap-based buffer overflow triggered when parsing regular expressio…
- DirtyDecrypt: Linux Local Privilege Escalation Exploit Surfaces for Unpatched Systems
A proof-of-concept for 'DirtyDecrypt'—a local privilege escalation flaw in the Linux kernel's RXGK module—is now public. Organizations using the AFS client must verify they have a…
- GitHub Enterprise RCE: Critical Vulnerability (CVE-2026-3854) Demands Immediate Updates
A flaw in GitHub’s push options handling allows for Remote Code Execution on Enterprise Server instances. With technical details now public, unpatched on-premise environments face…
- Cisco Talos Unveils AI-Driven Honeypot PoC to Deceive Malicious Agents
Cisco Talos researchers have demonstrated a proof-of-concept for adaptive honeypots powered by generative LLMs, designed to exploit the lack of situational awareness in automated…
- PAN-OS Captive Portal Zero-Day: CVE-2026-0300 Exploited in Root-Level RCE Attacks
A deep dive into the critical CVE-2026-0300 vulnerability within Palo Alto Networks PAN-OS, detailing active in-the-wild exploitation and the sophisticated evasion tactics utilize…
- Grafana Labs Hit by GitHub Breach: Source Code Stolen, Ransom Demands Rejected
Grafana Labs has confirmed a breach of its GitHub environment via a 'Pwn Request' vulnerability. While attackers exfiltrated proprietary source code and attempted extortion, the c…
- Unpatched BlueHammer Zero-Day Enables Rapid Windows Privilege Escalation
A functional exploit dubbed 'BlueHammer' leverages logic flaws in Microsoft Defender and Volume Shadow Copy to grant SYSTEM privileges on Windows 10 and 11 in under a minute. No o…
- Ivanti Endpoint Manager Under Scrutiny Following CVE-2026-8109 Authentication Bypass Reports
An analysis of the CVE-2026-8109 vulnerability in Ivanti Endpoint Manager reveals a risk of authentication bypass within the RemoteControlAuth module, potentially leading to crede…
- Ivanti Releases May 2026 Security Updates: Seven CVEs and a Critical SQLi-to-RCE Vulnerability
On May 13, 2026, Ivanti patched seven security flaws across four enterprise products, including a critical SQL injection-to-RCE in its Endpoint Manager (EPM). While no active expl…
- Palo Alto Networks Zero-Day: PAN-OS Vulnerability Grants Attackers Root Perimeter Control
CVE-2026-0300 enables unauthenticated root RCE on PAN-OS firewalls. With CISA Mandating mitigation within three days, we analyze the exploit mechanism and the open-source tooling…
- Ivanti EPMM Zero-Day Under Active Exploitation: CISA Adds CVE-2026-6973 to KEV Catalog
A newly disclosed zero-day in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973, is being actively exploited in the wild. The improper input validation flaw allows a…
- Ivanti EPMM RCE Under Active Exploitation as Federal Patch Deadline Lapses
CVE-2026-6973, a critical RCE vulnerability in Ivanti EPMM on-premise, is currently being exploited in the wild. The CISA remediation deadline for federal agencies has passed, nec…
- Apple Safari WebCore Vulnerability: ZDI-26-312 Enables Remote Code Execution
A use-after-free vulnerability in Safari’s WebCore style resolver allows for remote code execution through user interaction, affecting development and debugging environments.
- May 2026 Patch Tuesday: 137 Vulnerabilities Addressed, No Zero-Days Found Despite Critical DNS RCE
Microsoft has patched 137 vulnerabilities in its May 2026 security update. While no active exploits have been detected, critical unauthenticated RCE flaws in the Windows DNS Clien…
- Ivanti Confirms Post-Auth RCE in EPMM Under Active Exploitation
Ivanti has warned of targeted attacks exploiting CVE-2026-6973, a post-authentication RCE flaw in on-premise EPMM. The vulnerability, now in CISA’s KEV catalog, highlights the cri…
- Ivanti EPMM Zero-Day: Admin-Authenticated RCE Triggers Urgent CISA Patch Mandate
Ivanti has disclosed CVE-2026-6973, a critical zero-day in Endpoint Manager Mobile (EPMM) allowing RCE with administrative privileges. While CISA has set a May 10 deadline for fed…
- Ivanti Patches Critical RCE Flaws While Addressing Active EPMM Zero-Day
Ivanti has released its May security updates for EPM and confirmed an active zero-day in EPMM; with at least 22 vulnerabilities exploited over the past two years, IT teams face ur…
- Ransomware 2026: From EDR-Killers to Post-Quantum Cryptography
In 2026, ransomware has reached industrial scale, leveraging BYOVD EDR-killers, ML-KEM post-quantum encryption, and a strategic pivot toward encryptionless extortion.
- Microsoft Patch Tuesday: Legacy MSMQ Flaw Enables Local SYSTEM Escalation
The May 12, 2026, security update addresses CVE-2026-33838, an elevation-of-privilege vulnerability in Windows Message Queuing (MSMQ). While disabled by default, the legacy servic…
- Apple Patches Remote Code Execution Vulnerability in macOS USD Library
A newly disclosed out-of-bounds write flaw (ZDI-26-314) in the Universal Scene Description library could allow remote attackers to execute arbitrary code on macOS systems.
- Siemens Simcenter Femap: Malicious IPT Files Trigger RCE via Heap Overflow
Siemens has patched a high-severity heap overflow vulnerability in Simcenter Femap’s Datakit library. The flaw allows remote code execution on engineering workstations when a user…
- Apple Fixes WebKit Zero-Days Exploited in 'Extremely Sophisticated' Attacks
Apple has issued emergency security updates for Safari 26.2 and iOS 18.7.3 to remediate two critical WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) currently being levera…
- GitHub Enterprise RCE: A Single 'git push' Puts Corporate Backends at Risk
CVE-2026-3854 allows Remote Code Execution on GitHub Enterprise Server via user-controlled push options. Reports indicate that 88% of self-hosted instances remain unpatched.
- Microsoft Exchange Zero-Day Exploited: Permanent Patch Restricted to ESU Customers
Microsoft has confirmed active in-the-wild exploitation of CVE-2026-42897 affecting Exchange on-premise servers. CISA has issued a high-priority alert as permanent fixes are restr…
- Burst Statistics Under Fire: Over 7,400 Attacks Blocked in 24 Hours
Threat actors are actively exploiting a critical authentication bypass (CVE-2026-8181) in the Burst Statistics WordPress plugin to hijack administrative accounts. Wordfence has re…
- Mistral AI Hit by Supply Chain Attack; 450 Repositories Put Up for Sale
Mistral AI has confirmed a supply chain compromise involving contaminated SDKs and abused SLSA provenance. The threat actor TeamPCP is demanding $25,000 for approximately 450 inte…
- OpenAI Confirms Corporate Devices Compromised in TanStack Supply Chain Attack
OpenAI has confirmed that two corporate devices were breached following the May 11 TanStack npm supply chain attack. While internal credentials and signing certificates were exfil…
- Cisco SD-WAN Zero-Day: 'Ghost Peers' Infiltrated Controllers Since 2023
CVE-2026-20127 in Cisco Catalyst SD-WAN controllers allowed a sophisticated threat actor to impersonate trusted peers for over three years, achieving persistent root access.
- GitHub RCE: Crafted 'git push' Commands Compromised Backend Servers
CVE-2026-3854: An X-Stat header injection vulnerability in GitHub enabled remote code execution via a single push operation. Approximately 88% of Enterprise instances remained exp…
- Critical PAN-OS Zero-Day CVE-2026-0300: Unauthenticated Root RCE Hits Exposed Firewalls
CVE-2026-0300: An unauthenticated root RCE vulnerability in the PAN-OS Captive Portal has seen active exploitation since April 9. While CISA mandated remediation by May 9, an offi…
- CVE-2026-7482: Technical Analysis of Ollama’s Memory Leak Vulnerability via GGUF
Technical breakdown of CVE-2026-7482 in Ollama. Discovered by Cyera, the vulnerability enables unauthenticated remote attackers to exfiltrate API keys and secrets through maliciou…
- Yarix Y-Report 2026: Critical Security Events Surge 62% as Italy Falls to 6th in Global Ransomware Rankings
The Yarix Y-Report 2026 documents 522,486 security events and a 62% spike in critical threats, highlighting an increasingly aggressive cyber landscape where Italy’s lower ranking…
- CVE-2026-44338: Working Exploit Scanner for PraisonAI Deployed in Under 4 Hours
The first automated scanner targeting PraisonAI was detected less than four hours after the disclosure of CVE-2026-44338. The authentication bypass in the legacy API exposes agent…
- May Patch Tuesday: AI-Driven Discovery Pushes 2026 Vulnerability Count Past 500
Microsoft's May 12, 2026, update addresses more than 130 vulnerabilities, revealing the impact of its internal MDASH AI system. The tool autonomously discovered 16 flaws this mont…
- Fragnesia Flaw Enables Local Root via Linux Page Cache Corruption
CVE-2026-46300 allows local root escalation on Linux by corrupting read-only files in memory. With a public PoC available and patches still under review, mitigations used for 'Dir…
- ClawHavoc, Critical CVEs, and Agentic AI: Why Q1 2026 Shifted the Threat Model
The agentic AI ecosystem is under siege. From the coordinated ClawHavoc supply chain campaign to critical RCE vulnerabilities in Claude Code and OpenClaw, Q1 2026 has fundamentall…
- May 2026 Patch Tuesday: AI-Driven Discovery Marks a Turning Point in Vulnerability Management
Microsoft and industry partners address over 130 vulnerabilities as AI systems like MDASH and Project Glasswing accelerate the discovery pipeline, while Google reports the first A…
- Microsoft MDASH Deployment Identifies 16 Windows Flaws via 100+ AI Agents
Microsoft’s MDASH, an agentic multi-model system, discovered 16 vulnerabilities—including four critical RCEs—patched in the May 2026 update. The architecture marks a significant p…
- CVE-2026-41940: Global Campaign Targets cPanel Authentication Bypass to Deploy Cross-Platform Backdoors
Threat actor Mr_Rot13 is actively exploiting CVE-2026-41940 in cPanel/WHM to deploy the 'Filemanager' backdoor. With over 2,000 IPs involved and infrastructure dating back to 2020…
- BitLocker Zero-Day: Encrypted Drives Unlocked via USB and WinRE — No Credentials Needed
A new proof-of-concept named YellowKey enables BitLocker bypasses on Windows 11 and Server editions by exploiting the Windows Recovery Environment (WinRE) via USB. Independent res…
- Škoda Germany Data Breach: Online Store Offline After Password Hashes Exposed
Škoda has confirmed a cyberattack on its German online store. While customer data and password hashes were exposed, forensic investigators are struggling to confirm exfiltration d…
- Exim 'Dead.Letter' Vulnerability: Critical RCE Risk for GnuTLS-Based Builds
CVE-2026-45185 is a use-after-free vulnerability in the Exim SMTP BDAT parser that allows unauthenticated RCE on GnuTLS-compiled servers. No configuration workarounds exist; admin…
- Google Uncovers First Confirmed AI-Generated Zero-Day Exploit Bypassing 2FA
Google has confirmed the discovery of the first zero-day exploit developed with AI assistance. The vulnerability, identified on May 11, 2026, enabled a 2FA bypass in a popular ope…
- Foxconn Confirms North American Cyberattack; Nitrogen Ransomware Group Claims 8TB Data Breach
Foxconn has confirmed a cyberattack affecting several of its North American facilities. The Nitrogen ransomware group claims to have exfiltrated approximately 8TB of data, includi…
- West Pharmaceutical Services Hit by Ransomware, Disrupting Global Operations
West Pharmaceutical Services has confirmed a ransomware attack involving data exfiltration and systemic encryption, causing significant disruptions across the global pharmaceutica…
- Microsoft May Patch Tuesday Fixes 120 Flaws, but DNS and Dynamics 365 Bugs Demand Priority
Microsoft’s May 2026 update fixes roughly 120 vulnerabilities, targeting critical gaps in DNS, Dynamics 365, and Office components. While active zero-days are absent, high-risk RC…
- Intel and AMD Patch 70 Vulnerabilities — Two Critical Data Center Flaws Fixed
Intel and AMD have issued advisories addressing approximately 70 vulnerabilities. Two critical flaws with CVSS scores exceeding 9.0 in ROCm and ESXi drivers pose significant risks…
- OpenAI Unveils Daybreak: AI-Powered Cybersecurity with Tiered Access Controls
OpenAI has debuted Daybreak, a new AI cybersecurity platform featuring the GPT-5.5-Cyber model and a tiered governance framework designed to mitigate the dual-use risks of high-ca…
- Mini Shai-Hulud: 84 Malicious TanStack Packages Signed with Valid SLSA Level 3 Attestations
On May 11, 2026, the TeamPCP threat group compromised TanStack's CI/CD pipeline to inject 84 malicious npm versions. Despite carrying valid SLSA Build Level 3 attestations, the pa…
- CVE-2026-3854: Critical GitHub RCE Leaves 88% of On-Premise Servers Exposed
Wiz Research has detailed CVE-2026-3854, a critical RCE vulnerability in GitHub’s internal Git pipeline. While GitHub.com was patched rapidly, approximately 88% of on-premise GitH…
- Dirty Frag LPE Chain: Deterministic Linux Root Access via Single Command
Dirty Frag exploits two Linux kernel vulnerabilities to achieve deterministic local privilege escalation to root. With a public PoC available and limited in-the-wild activity repo…
- Exim 'Dead.Letter' Vulnerability: Unauthenticated RCE Threatens GnuTLS-Based Mail Servers
A critical use-after-free vulnerability in Exim’s BDAT parser (CVE-2026-45185) allows for unauthenticated remote code execution on servers compiled with GnuTLS. Affecting versions…