Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-19 08:00 PDT
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
The Hacker News • 2026-05-19 07:56 • thehackernews.com
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE).
Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had
https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html - New Shai-Hulud malware wave compromises 600 npm packages
BleepingComputer • 2026-05-19 07:30 • www.bleepingcomputer.com
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. […]
https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/ - 7-Eleven confirms data breach claimed by the ShinyHunters gang
BleepingComputer • 2026-05-19 07:16 • www.bleepingcomputer.com
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. […]
https://www.bleepingcomputer.com/news/security/7-eleven-confirms-data-breach-claimed-by-the-shinyhunters-gang/ - Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
BleepingComputer • 2026-05-19 07:00 • www.bleepingcomputer.com
Microsoft’s total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. […]
https://www.bleepingcomputer.com/news/security/critical-microsoft-vulnerabilities-doubled-from-exposure-to-escalation/ - Webinar: The hidden bottlenecks in network incident response
BleepingComputer • 2026-05-19 05:14 • www.bleepingcomputer.com
IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. […]
https://www.bleepingcomputer.com/news/security/webinar-the-hidden-bottlenecks-in-network-incident-response/ - The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News • 2026-05-19 04:30 • thehackernews.com
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a
https://thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html - Microsoft confirms patching issues in restricted Windows networks
BleepingComputer • 2026-05-19 04:22 • www.bleepingcomputer.com
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-patching-issues-in-restricted-windows-networks/ - Laurie Anderson Is Quoting Me
Schneier on Security • 2026-05-19 04:00 • www.schneier.comNot by name, but Laurie Anderson quotes me in one of the tracks of her new album:
My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.”
Also in interviews:
“Of course, it’s ridiculous, outrageous, blah, b…
https://www.schneier.com/blog/archives/2026/05/laurie-anderson-is-quoting-me.html - Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
The Hacker News • 2026-05-19 03:44 • thehackernews.com
Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC.“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the PHP-based content management system (CMS) said.
“Not all configurations are
https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html - SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
The Hacker News • 2026-05-19 02:23 • thehackernews.com
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
“These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,”
https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
