Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched...
Cybersecurity
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has moved to contain the newly disclosed Windows zero-day vulnerability, dubbed “YellowKey,” but the company still lacks a permanent...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity...
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561...
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Ravie LakshmananMay 22, 2026Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security...
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster,...
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a...
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and...
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Ravie LakshmananMay 21, 2026Hacking News / Cybersecurity News This week starts small. A token leaks. A bad package slips in....
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
The federal agency that tells Americans how to secure their systems is now investigating how sensitive credentials tied to its...
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
The latest malware targeting Mac users isn’t built to crack security protections, but to exploit users’ trust in familiar brands....
On AI Security
On AI Security Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can...
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that...
AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines
A ransomware gang is trying to turn a Tennessee healthcare group into a public pressure campaign. DragonForce claims it stole...
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana has confirmed that an unauthorized party gained access to its GitHub environment after obtaining a compromised token, allowing the...
