Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Ravie LakshmananMay 19, 2026Vulnerability / Website Security Drupal has issued an alert stating that it intends to release a "core...
that
WantToCry ransomware remotely encrypts files
SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors exploiting SMB for initial access and then exfiltrating files...
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an "unauthorized party" obtained a token that granted them...
Here’s one career emerging from the AI shift: ‘forward-deployed engineers’
Google currently has 1,513 openings for that specific role and OpenAI, which just this week launched an organization called the...
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply...
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
AI agents that can read files, call APIs, and perform actions are already being deployed in enterprises. These agents often...
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
Ravie LakshmananMay 12, 2026Vulnerability / AI Security OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial...
IMF warns of the potential for AI attacks on global financial systems
The International Monetary Fund (IMF) is warning that AI could become a growing threat to global financial stability by making...
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin...
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker...
Google Play Scam Apps Hit 7.3M Downloads with Fake Call Logs
ESET found 28 CallPhantom scam apps on Google Play that promised fake call logs and had reached more than 7.3...
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is...
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ravie LakshmananMay 07, 2026Vulnerability / Network Security Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM)...
CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk
CISA warns that the nine-year-old Linux Copy Fail flaw is being actively exploited, allowing local attackers to gain root access...
