- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
May 22, 2026
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on Unit 42 visibility, researchers believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities. This research follows ...
- Cybercriminal VPN used by ransomware actors dismantled in global crackdown
May 21, 2026
A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offences has been dismantled in an international operation led by France and the Netherlands, with support from Europol and Eurojust. For years, the service, known as ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond ...
- Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
May 21, 2026
The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public about an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s ...
- Key Microsoft legacy tool is still being abused to launch malware campaigns
May 21, 2026
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers are saying. A new Bitdefender report has claimed that since the start of 2026, there’s been an uptick in activity related to a Windows utility called Microsoft HTML Application Host (MSHTA), a legitimate utility that runs special HTML-based application files known as HTAs.
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack
May 20, 2026
GitHub, the world’s biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company’s initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a “poisoned VS Code extension” as the cause. The Microsoft-owned code shack continues to ...
- Microsoft shuts down illegal code-signing operation used by ransomware criminals to mask their malware
May 19, 2026
Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant.
- WantToCry ransomware remotely encrypts files
May 19, 2026
SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting ...
- NGINX Rift attackers waste no time targeting exposed servers
May 18, 2026
Exploit attempts are already hammering a newly disclosed NGINX bug dubbed “NGINX Rift,” proving once again that attackers read patch notes faster than most admins. Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting ...
- Chaotic Eclipse strikes again with another worrying Windows security flaw
May 18, 2026
Threat actors could escalate privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability which allegedly should have been fixed years ago, new reports have claimed. A researcher with the alias Chaotic Eclipse recently disclosed a Proof-of-Concept (PoC) exploit for a zero-day vulnerability they named “MiniPlasma”. In a new GitHub entry, ...
- NYC Health + Hospitals says hackers stole medical data affecting at least 1.8m people
May 18, 2026
New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprint scans affects at least 1.8 million people. NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom are uninsured or ...
- The Strategic Importance of Digital Sovereignty in 2026
May 18, 2026
Digital sovereignty has become a priority as concerns over data privacy, data protection, and geopolitical risk intensify. The concept centres on giving data owners full control over their digital assets, infrastructure, and the legal frameworks governing them. While Europe leads demand for sovereign solutions, interest is rising globally as cyberthreats and geopolitical tensions grow. In 2026, ...
- Scammers are targeting World Cup fans
May 16, 2026
We’re less than a month away from the biggest sporting event of the year, the FIFA World Cup, and scammers are already busy stealing money, passwords, and other sensitive data from fans and visitors, experts have warned. Kaspersky has published a breakdown of the different scam techniques cybercriminals are using to target football fans as they ...
- Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day
May 15, 2026
Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager. Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available. The bug allows unauthenticated remote attackers to bypass authentication and ...
- Hackers have breached tank readers at US gas stations
May 15, 2026
US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity. The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases ...
- A hotel check-in system left a million passports and driver’s licenses open for anyone to see
May 15, 2026
A hotel check-in system left more than 1 million customer passports, driver’s licenses, and selfie verification photos exposed to the open web after a security lapse. The data is now offline after TechCrunch alerted the company responsible. The hotel check-in system, called Tabiq, is maintained by the Japan-based tech startup Reqrea. According to its website, Tabiq is used in ...
- ShinyHunters: Cyber Criminal Group Attacks Learning Management System
May 15, 2026
The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which ...
- OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
May 15, 2026
OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no ...

