Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-20 08:00 PDT
- Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News • 2026-05-20 07:36 • thehackernews.com
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme
https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html - On AI Security
Schneier on Security • 2026-05-20 07:21 • www.schneier.comGood report:
Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security). So let’s take a step back: how do you measure security in the first place? Good question. Over the last 30 years, security engineering for software evolved from black box…
https://www.schneier.com/blog/archives/2026/05/on-ai-security.html - Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer • 2026-05-20 07:02 • www.bleepingcomputer.com
Identity checks alone can’t stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. […]
https://www.bleepingcomputer.com/news/security/identity-alone-isnt-enough-why-device-security-has-to-share-the-load/ - Drupal critical update to fix bug with high exploitation risk
BleepingComputer • 2026-05-20 05:52 • www.bleepingcomputer.com
Drupal has announced a “core security release” scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. […]
https://www.bleepingcomputer.com/news/security/drupal-critical-update-to-fix-bug-with-high-exploitation-risk/ - Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News • 2026-05-20 05:51 • thehackernews.com
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications.Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies
https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html - Agent AI is Coming. Are You Ready?
The Hacker News • 2026-05-20 04:58 • thehackernews.com
New Industry Data Just Released Suggests Not.On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent AI with both arms (and unfortunately, as
https://thehackernews.com/2026/05/agent-ai-is-coming-are-you-ready.html - GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
The Hacker News • 2026-05-20 04:38 • thehackernews.com
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,
https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html - Exploit released for new PinTheft Arch Linux root escalation flaw
BleepingComputer • 2026-05-20 03:52 • www.bleepingcomputer.com
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. […]
https://www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/ - Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
The Hacker News • 2026-05-20 03:30 • thehackernews.com
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires.
Download the CISO Expert Guide to Typosquatting in the AI Era →TL;DR
Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.
https://thehackernews.com/2026/05/typosquatting-is-no-longer-user-problem.html - How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
Securelist • 2026-05-20 02:02 • securelist.com
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
https://securelist.com/exiftool-compromise-mac/119866/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
