npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security...
Security
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active...
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched...
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has moved to contain the newly disclosed Windows zero-day vulnerability, dubbed “YellowKey,” but the company still lacks a permanent...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity...
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Ravie LakshmananMay 22, 2026Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security...
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Ravie LakshmananMay 22, 2026Vulnerability / Network Security Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload...
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster,...
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and...
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Ravie LakshmananMay 21, 2026Endpoint Security / Vulnerability Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender...
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Ravie LakshmananMay 21, 2026Web Security / Vulnerability Drupal has released security updates for a "highly critical" security vulnerability in Drupal...
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Ravie LakshmananMay 20, 2026Artificial Intelligence / Security Testing Microsoft has unveiled two new open-source tools called RAMPART and Clarity to...
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
The federal agency that tells Americans how to secure their systems is now investigating how sensitive credentials tied to its...
Microsoft Launches New Surface AI PCs for Business Buyers
Microsoft’s latest Surface pitch is aimed squarely at businesses preparing their PC fleets for the AI era. The tech giant...
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
The latest malware targeting Mac users isn’t built to crack security protections, but to exploit users’ trust in familiar brands....
