Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation - A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence...
May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs - Microsoft has addressed 130 vulnerabilities in its May 2026 security update release, fewer than April’s 164 vulnerabilities. This month's patches include fixes for 30 Critical vulnerabilities, along w[…]
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution - Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability,...
Hackers Disrupt Exams With Software Breach - Hacking group interrupts exams in breach of Canvas educational platform used by thousands of universities, schools in US, Canada, Australia
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help - Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert...
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities - Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers were less than impressed....
Patch Tuesday, May 2026 Edition - Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including...
Meta must face allegations of improper Android user tracking, judge rules - Meta will have to face claims brought by Android users who say the company cynically and stealthily exploited vulnerabilities in Android smartphones to match users’ browsing activity to their Meta social media accounts. Why? For more detailed advertising profiles, of course.
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption - Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability...
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It) - TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you...
FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread - The cyber insurance industry set out to manage financial risk. Along the way, it has quietly become the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it intends to stay in that role.
State of ransomware in 2026 - Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.