Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-14 03:00 PDT
- When ransomware gets physical: cybercriminals turn to threats of violence
Graham Cluley • 2026-05-14 02:28 • www.bitdefender.com
Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/ransomware-physical-threats-violence - US charges suspected Dream Market admin arrested in Germany
BleepingComputer • 2026-05-14 01:55 • www.bleepingcomputer.com
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. […]
https://www.bleepingcomputer.com/news/security/us-charges-suspected-dream-market-admin-arrested-in-germany/ - New Fragnesia Linux flaw lets attackers gain root privileges
BleepingComputer • 2026-05-14 00:34 • www.bleepingcomputer.com
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. […]
https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/ - New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
The Hacker News • 2026-05-14 00:06 • thehackernews.com
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks.
Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel’s XFRM
https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html - Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
SANS ISC Diary (full) • 2026-05-13 23:08 • isc.sans.eduBesides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the user, as you can see in the following images which show the same e-mail when it is placed in the inbox, and when it is placed in the Junk folder.
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
The Hacker News • 2026-05-13 23:00 • thehackernews.com
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html - ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
SANS ISC Diary (full) • 2026-05-13 21:20 • isc.sans.edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary/rss/32988
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
