Cybersecurity News and Vulnerability Aggregator

Top Cybersecurity Stories Today

The Hacker News May 25

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times. Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually

The Hacker News 5h ago
CVE

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. "Deserialization of untrusted data in Microsoft Office SharePoint allows

Latest

Tuesday, May 26

Hi guys, I send out a weekly newsletter with the latest cybersecurity vendor reports and research, and thought you might find it useful, so sharing it here. All the reports and research below were published between May 18th - May 24th.

You can get the below into your inbox every week if you want: [https://www.cybersecstats.com/cybersecstatsnewsletter/](https://www.cybersecstats.com/cybersecstatsnewsletter/)

# Big Picture Reports

**2026 Data Breach Investigations Report (Verizon)**

Verizon's flagship DBIR, now in its 19th year, pulls together data from 31,000 real-world security incidents across 145 countries, with more than 22,000 confirmed as data breaches.

**Key stats:**

* 31% of breaches start with software vulnerabilities.
* Only 26% of critical vulnerabilities were fully remediated by organizations in 2025, down from 38% the previous year.
* The median time to full resolution increased to 43 days, almost 2 weeks longer than the previous year’s 32 days.

*Read the full report* [*here*](https://www.verizon.com/business/resources/reports/dbir/)*.*

**The Hidden Costs of Downtime (Splunk)**

What does downtime cost Global 2000 companies? The answer is quite shocking ($15k a minute).

**Key stats:**

* Aggregate unplanned downtime costs for Global 2000 companies total $600 billion annually, representing a 50% increase in two years.
* The average cost of downtime for organizations is $15,000 per minute.
* Downtime costs an organization $95 million in lost revenue annually, nearly double the 2024 level.

*Read the full report* [*here*](https://www.splunk.com/en_us/form/the-hidden-costs-of-downtime.html)*.*

**The State of Patch Management Report 2026 (Adaptiva)**

How does your patch management program compare to your peers? Find out in this report on patch management trends, challenges, and opportunities based on a survey of 200+ IT and security professionals.

**Key stats:**

* Since 2023, the share of organizations deploying patches within six days has nearly quadrupled, rising from 15% to 59%.
* More than 60% of organizations rely on manual processes in at least part of the patch lifecycle.
* Only 8% of organizations report fully autonomous patching today, but 90% plan to expand automation in the next 12 months.

*Read the full report* [*here*](https://adaptiva.com/resources/report/state-of-patch-management)*.*

**2026 State of Tech Talent Report (The Linux Foundation)**

What's holding back AI adoption? Is it you, security person? If so, maybe keep holding.

**Key stats:**

* 48% of organizations report security concerns as the top barrier to AI adoption, up from 17% in 2024.
* 57% of organizations report a significant capacity gap in AI security and risk management.
* 40% of organizations report being understaffed in cybersecurity and compliance.

*Read the full report* [*here*](https://www.linuxfoundation.org/research/open-source-jobs-report-2026)*.*

**Cyber Threat Intelligence Report 2026 (Bridewell)**

A really good report that covers a lot of ground, from how attackers are adapting their infrastructure, to identity-led compromise, infostealers, fragmenting ransomware, evolving social engineering, abuse of trusted platforms, AI-amplified capability, and emerging 2026 risks like edge exploitation and state-aligned cybercrime.

**Key stats:**

* In 2025, 27.89% of all adversary infrastructure tracked was hosted in the US, an increase from 23.63% in 2024.
* Cobalt Strike accounted for 38.4% of all OST output, maintaining its position as the primary adversary framework.
* Across 2025, 7,918 victim postings were observed on ransomware group data-leak sites across 129 distinct threat actors.

*Read the full report* [*here*](https://www.bridewell.com/insights/white-papers/detail/cyber-threat-intelligence-report-2026)*.*

# Supply Chain Security

**2026 Supply Chain Vulnerability Report (Black Kite)**

Over 48,000 CVEs were published last year.

**Key stats:**

* Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.
* Attackers exploited vulnerabilities an average of seven days before public disclosure in 2025.
* 2,130 AI-related vulnerabilities were reported in 2025, a more than 200% increase since 2023.

*Read the full report* [*here*](https://blackkite.com/reports/2026-supply-chain-vulnerability-report)*.*

**2026 Software Supply Chain Security State of the Union (JFrog)**

Where software supply chain security is improving and where it is…not improving.

**Key stats:**

* Malicious npm packages surged 451% year-over-year.
* 97% of organizations claim they have certified model governance.
* 53% of organizations self-host models from sources where malicious payloads have been detected.

*Read the full report* [*here*](https://jfrog.com/software-supply-chain-state-of-union/)*.*

# Mobile Application Security

**2026 Application Security Threat Report (Digital.ai)**

App attacks have been climbing for five years straight, and two sectors are taking the worst of it.

**Key stats:**

* Mobile application attack rates climbed 58% between 2022 and 2026, rising from 55% to 87%.
* Financial services applications faced a 91% attack rate in 2026, the highest recorded for any vertical.
* Automotive applications faced a 91% attack rate in 2026.

*Read the full report* [*here*](https://digital.ai/resource-center/whitepapers/2026-application-security-threat-report/)*.*

# AI Security

**From Agentic Risk to Human Win: Building a Culture of Security in the Era of Agentic AI (KnowBe4)**

Long-time readers (and security practitioners) already know that AI agents are doing real things in workflows, but too many organizations have no real handle on their AI use.

**Key stats:**

* 58% of cybersecurity leaders report that AI agents are already taking actions within organizational workflows.
* 52% of organizations report their use of AI is unapproved or ungoverned.
* Only 19% of cybersecurity leaders report that their organizations have an integrated and culture-embedded approach in place to manage human-related cybersecurity risk.

*Read the full report* [*here*](https://www.knowbe4.com/hubfs/From_Agentic_Risk_to_Human_Wins_Report-Research_en-US.pdf)*.*

**Enterprise AI Provisioned. So Why Is the Work in Personal Accounts? (Harmonic Security)**

Turns out employees are doing a lot of their AI work for the business on personal accounts the company has no visibility into.

**Key stats:**

* 64.5% of activity on personal and free-tier AI accounts is business use rather than personal use.
* 45.6% of employees' personal AI activity flows through enterprise tools their company is paying for.
* 74.6% of all AI use at work has a clear business purpose.

*Read the full report* [*here*](https://www.harmonic.security/resources/ai-usage-index-report-2026)*.*

The Hacker News 1h ago

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black.

r/netsec 1h ago

The security angle on encrypted DNS is often oversimplified. DoH prevents ISP-level snooping and basic DNS hijacking, but doesn't protect against a compromised resolver. DoT is easier to detect and block, which has real implications for threat actors trying to exfiltrate via DNS. DoQ is interesting from a security perspective because QUIC's connection ID migration makes traffic correlation harder. Article includes benchmark data and practical server config — but mostly written for the "which threat model does each protocol address" question.

r/netsec 2h ago

I published a technical write-up on an old OLX account takeover issue. The core bug was an OTP correctness leak inside the rate-limit state. After repeated invalid OTP attempts, the application showed a lockout message. However, blocked submissions did not become response-equivalent. Invalid codes during lockout still produced the invalid-code signal. The valid code during lockout removed that signal while keeping the lockout message. That made the lockout state act as an oracle for whether the OTP was correct. The broader impact came from reuse of the verification flow across account paths, including recovery/reset-style flows, plus weak session revocation behavior after password change. The write-up focuses on the response-difference behavior, why the validity window mattered, how the issue escalated to account takeover, and why lockout states must stop leaking success/failure information.

r/InfoSecNews 3h ago

SonicWall MFA bypasses are the kind of vulnerabilities that make defenders uncomfortable because they undermine one of the controls organizations trust most. When remote access infrastructure starts failing at the authentication layer, exposure scales very quickly.

The Hacker News 6h ago
CVE

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with

r/cybersecurity 7h ago

This is the daily security digest covering confirmed npm, PyPI, and supply-chain security threats detected in the past 24 hours. A total of 14 threats have been identified across various ecosystems, including active credential harvesting campaigns.

# 📊 Threat Summary

| **Package(s)** | **Ecosystem** | **Severity** | **CVE** | **Vulnerability** |
|:-|:-|:-|:-|:-|
| `@cap-js/sqlite`, `postgres`, `db-service` | npm | **CRITICAL** | CVE-2026-46421 | Credential harvesting / Self-propagation |
| `@beproduct/nestjs-auth` | npm | **CRITICAL** | CVE-2026-46412 | Mini Shai-Hulud worm payload |
| `guardrails-ai` | PyPI | **CRITICAL** | CVE-2026-45758 | Supply chain compromise |
| `Parse Server` | npm | **HIGH** | CVE-2026-47138 | DoS via header regex backtracking |
| `qs` | npm | **HIGH** | CVE-2026-8723 | Remotely triggerable DoS |
| `@libp2p/gossipsub` | npm | **HIGH** | CVE-2026-46679 | Memory DoS (Subscription flood) |
| `@libp2p/kad-dht` | npm | **HIGH** | CVE-2026-45783 | Disk exhaustion (Unvalidated PUT) |
| `SQLFluff` | PyPI | **HIGH** | CVE-2026-46374 | DoS via Resource Exhaustion |
| `Diffusers` | ai-ml | **HIGH** | CVE-2026-45804 | TOCTOU Remote Code Execution |
| `lmdeploy` | ai-ml | **HIGH** | CVE-2026-46517 | Unsafe remote-code load path |
| `Crawlee for Python` | PyPI | **HIGH** | CVE-2026-46497 | SSRF via sitemap-derived URLs |
| `SillyTavern` | ai-ml | **HIGH** | CVE-2026-46372 | SSRF in SearXNG Search Proxy |
| `samlify` | npm | **HIGH** | CVE-2026-46490 | XML Injection / Privilege Escalation |
| `js-cookie` | npm | **HIGH** | CVE-2026-46625 | Prototype hijack / Cookie injection |

# 🚨 CRITICAL Alerts (Immediate Action Required)

**1. `@cap-js` ecosystem compromise (CVE-2026-46421)**

* **Threat:** Compromised versions of `@cap-js/sqlite`, `@cap-js/postgres`, and `@cap-js/db-service` were published to harvest credentials and self-propagate.
* **Action:** Upgrade immediately (`sqlite` >= 2.4.0, `postgres` >= 2.3.0, `db-service` >= 2.10.2). *Assume all local credentials are compromised if you installed the malicious versions.*

**2. `@beproduct/nestjs-auth` worm (CVE-2026-46412)**

* **Threat:** Malicious versions containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign were published.
* **Action:** Remove and reinstall dependencies. Audit for signs of compromise if installed during the affected window (v0.1.2 - 0.1.19).

**3. guardrails-ai compromise (CVE-2026-45758)**

* **Threat:** A malicious version of `guardrails-ai` (0.10.1) was published to PyPI. It has been quarantined.
* **Action:** Uninstall `guardrails-ai==0.10.1` and reinstall a known good version.

# ⚠️ HIGH Severity Highlights

* **Denial of Service (DoS) Wave:** Several major packages are vulnerable to crashing today. **Parse Server** (CVE-2026-47138) can be taken down pre-auth via a regex backtracking attack in the client version header. **qs** (CVE-2026-8723) will crash on specific `null`/`undefined` arrays. `@libp2p` packages are vulnerable to both memory and disk exhaustion attacks.
* **AI Toolchain Remote Code Execution:** Both **Diffusers** (CVE-2026-45804) and **lmdeploy** (CVE-2026-46517) have vulnerabilities bypassing `trust_remote_code` guardrails, allowing arbitrary remote code execution on model fetch.
* **SSRF & Injection:** **Crawlee for Python** and **SillyTavern** both suffer from SSRF vulnerabilities requiring configuration updates. **samlify** is vulnerable to XML injection leading to privilege escalation, and **js-cookie** is vulnerable to a prototype hijacking attack.

*Automated daily digest, created via* [*https://github.com/Deam0on/wakellm*](https://github.com/Deam0on/wakellm) *- feedback welcome. Stay safe out there!*

The Hacker News 7h ago

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability

The Hacker News 9h ago

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing

The Hacker News 11h ago

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to

Monday, May 25

r/cybersecurity 17h ago

The editors at CISO Series present this AMA. For this edition, we've assembled a panel of security professionals who have navigated ransomware firsthand. From initial response to recovery to building resilience. Whether you've wondered what an attack actually looks like from the inside, how organizations keep running when systems go down, or what it takes to bounce back, they're here all week to answer your questions.

This week's participants are:

* Gary Hayslip, ([u/Shaynei](https://www.reddit.com/user/Shaynei/)), former vp, senior security advisor, Halcyon
* Peter Clay, ([u/cpthuah36](https://www.reddit.com/user/cpthuah36/)), CISO, Aireon
* Trey Blalock, ([u/Trey-Blalock-AMA](https://www.reddit.com/user/Trey-Blalock-AMA/)), former CISO, researcher & keynote speaker, Verification Labs
* Adam Marre, ([u/amarre_sec](https://www.reddit.com/user/amarre_sec/)), CISO, svp, Arctic Wolf

[Proof photos](https://imgur.com/a/keC6jUa)

Thanks to all of our participants for contributing! This AMA will run all week from 05-25-2026 to 05-30-2026. Our participants will check in throughout the week to answer your questions.

All AMA participants were selected by the editors at CISO Series (/r/CISOSeries), a media network of five shows focused on cybersecurity. Check out our podcasts and weekly Friday event, Super Cyber Friday, at [cisoseries.com](http://cisoseries.com).

Troy Hunt 18h ago

Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat intelligence and sharing relevant insights with its constituents, helping identify and respond to cyber risks affecting government services and the people who depend on them. This is exactly the sort of organisation the HIBP government service was built to support: national cybersecurity teams using breach data to identify leaked credentials and compromised databases associated with their government domains. BtCIRT now joins the growing list of national CIRTs and government cybersecurity teams using HIBP to better understand their exposure, respond quickly when new breaches appear, and reduce the risk posed by compromised credentials before attackers can take advantage.

r/InfoSecNews 23h ago

# The Problem

AI’s gotten so good at code analysis that it can spot software vulnerabilities in just seconds. If you want a vivid explanation, Theo (t3.gg) breaks it down here: [https://www.youtube.com/watch?v=M_HxHr7du5M](https://www.youtube.com/watch?v=M_HxHr7du5M). To make it simple: for decades, three assumptions kept software more secure – and now none of them hold up.

Here’s the first assumption: finding exploits took highly paid experts. That’s what kept attackers limited. AI erased that overnight. Now, anyone with enough computing power and a model can zero in on vulnerabilities in real software in minutes.

Second: the 90-day window for coordinated disclosure was supposed to be enough time. If you spotted a bug, maintainers had 90 days to patch and roll it out before everyone found out. That relied on assumption one. Without it, the window vanishes – two independent researchers found a huge Linux kernel exploit within nine hours of each other.

Third: going from patch to a working exploit was hard. Maintainers used to merge fixes quietly, with bland commit messages, hoping to buy time before attackers figured it out. AI ended that, too. Feed a four-line code diff into an AI model, ask if it looks like a security patch, and two out of three major models nail it right away – without reading the commit message. Now, the pipeline from patch to exploit is automatable.

So now, every piece of software, especially open-source, is exposed to zero-days at a speed and scale no one’s seen before. And as AI keeps improving, it only gets worse. Vulnerabilities are found faster and faster, but patching sticks to its old pace. That gap? It grows every month.

# Why Conventional Responses Are Not Enough

**Patching Faster**

The obvious answer is patching faster. If AI finds bugs quicker, use it to patch them quicker, too. Sure, you shave off some risk around the edges, but it changes nothing fundamental. The attack surface never shrinks. AI scanners just jump to the next bug. Patching faster is like sprinting on a treadmill – you’re not getting off it.

**Ending Open-Source**

More drastic: kill open-source. If the source isn’t public, AI can’t analyze it directly. For a brief moment, that might slow things down. But it won’t stop AI for long. Without source code, AI can reverse-engineer binaries. Obfuscation slows that, but now we’re locked in a never-ending battle of AI obfuscation versus AI deobfuscation. There’s no clear winner here. If your software runs strictly on the backend and never gets distributed, attackers just probe the backend via its public interfaces with crafted requests. AI is fantastic at that, too.

Honestly, we all love open-source. It’s one of the most powerful drivers software’s ever had. Closing it would be a huge loss with minimal security advantage. The answer here is no.

# The Root Cause: Too Much to Attack

Both patching faster and hiding source code try to win the same race with AI. Neither deals with why this race is so brutal. The real issue is the attack surface size. A typical production app pulls in hundreds of third-party libraries. Each of those pulls in more. The code available for AI to scan is a hundred times bigger than what the developer actually wrote. Most of it has never been read or audited by anyone on the team. It’s all public, constantly scanned, and grows with every install.

Attackers now target code developers trusted, not just code developers wrote themselves. Look at supply chain attacks: the 84 Tanstack packages compromised, CopyFail exploits in Python libraries, CI pipeline attacks – they all exploited dependencies, not application logic. If you can’t win by running faster, shrink what you’re racing to protect.

# Making Software Easier to Patch: The Visual Programming Direction

One practical way forward is to make patching easier by breaking apps into small, independently replaceable parts. Plugin architectures do this. Smaller parts mean smaller attack surfaces, and you can patch just the component instead of the whole system. This helps, but only to a point. Plugins still rely on third-party libraries, so attack surfaces don’t really shrink. Plugin systems also pile on their own headaches: more to manage, compatibility issues between versions, more complexity as the number of plugins grows.

Visual programming languages (VPLs) push this idea further – and they solve new problems plugin systems introduce. In a VPL, each block on a diagram acts as a standalone, replaceable component. Unlike text-based plugins, VPLs give full transparency: the logic is right there on the diagram. Any developer can look at it and instantly get what the program does without digging through code. Swapping a block doesn’t need compilation – it just needs to fit with the blocks it connects to. Patching becomes as easy as drag-and-drop.

These blocks are simple to replace and simple to isolate. If one’s compromised, you can disconnect or disable it right then and there without recompiling, minimizing collateral damage while prepping a fix. Transparency matters for security beyond patching. With text, the logic connecting components is more hidden – you have to read code to understand. In a visual program, it’s laid out in the diagram. No room for shady connections.

**Composable Blocks and the Visual Hierarchy**

The best VPLs don’t just pile up blocks – they let blocks contain other blocks, forming a deep hierarchy. High-level business logic sits at the top. Open any block and you see its internal workflow. Go deep enough, you hit leaf blocks at the bottom – these are where real code lives. This structure is what makes VPLs usable for real, complex apps and not just toy demos. The main diagram stays neat. All the messy stuff gets tucked inside blocks. Any layer you want can be swapped out without touching the rest.

# The VPL Security Model: Shrinking the Attack Surface

**Third-Party Libraries as Visual Workflows**

People usually think a visual app replaces all its outside libraries with AI-generated code. That’s not realistic. Libraries pack in too much functionality to recreate from scratch. The realistic scenario: third-party libraries are visual workflows themselves. In a VPL ecosystem, a library is a visual workflow with a bit of code at the leaves for OS interaction. Applications mix these library visuals with their own.

This changes everything for security. If you find a bug in a library, you can dive in and fix it right in its workflow, since you see everything. Or you can wait for a patched version and drop in the new block. No need for recompiling or risking breakage elsewhere. Either way, it’s faster, more transparent, and less risky than patching opaque text-based libraries – where changing one thing might break another.

**The Leaf Code Layer: Where Vulnerability Lives**

At the bottom of visual hierarchies sit the leaf blocks, the only place for code. These handle things like OS calls, file reads, network connections – the low-level stuff. Leaf code can call text libraries. But you want to make dependencies here as thin as possible. The simpler the leaf code, the smaller the attack surface.

First, try AI code generation. If the dependency is small or simple, have AI build it directly instead of pulling in a library. That wipes out the dependency altogether – the new code isn’t public, so nothing for AI scanners to target.

The second level, as AI capabilities grow, is direct visual workflow generation. Rather than generating text code, AI will be able to generate complete visual workflows with a thin leaf code layer. This makes dependency self-production an even more attractive option: the generated component is not just functional but transparent, composable, and fully auditable as a visual workflow.

If you have to use third-party stuff, prefer VPL-based libraries. You get transparency and easy patching. Their attack surface beats opaque text libraries any day.

When all these practices are applied together, the application approaches the ideal state: no or minimum third-party library dependencies and maximum use of VPL-based libraries, with the attack surface reduced to the operating system or close to it.

# Why Pipe Is the Right VPL

**The Gap No Existing VPL Has Closed**

Visual languages aren’t new – LabVIEW owns engineering, Simulink rules in aerospace, Node-RED is all over IoT, Unreal Blueprints for games. None of them fit the broad security needs outlined here. They're either built for niche domains, or just can't handle production-level complexity. To truly shrink attack surfaces in production apps, a VPL has to be general-purpose enough to cover any domain, and robust enough for real-world code.

[Pipe](https://pipelang.com/) (pipelang.com) is built exactly for that. It’s general-purpose and sophisticated enough to handle production-level applications anywhere. Seven years went into its architecture, ten provisional USPTO patents cover its design, and you can check out the full language spec at [pipelang.com](https://pipelang.com/).

**How Pipe Implements Block Interfaces: Domains and Overlaps**

In Pipe, each block input is analogous to an independent API endpoint. The interface of that endpoint is defined by a domain: a hierarchical data structure, a tree where each node can have both a value and children, similar to JSON but more expressive. Domains are assigned to block inputs and outputs.

When two blocks hook up with different domains, Pipe resolves this with “overlaps”: it lines up matching tree paths between the output and the input domains, passing data where paths match. Unmatched nodes take explicitly defined or implicitly assumed default values. That means nearly any two Pipe blocks connect easily, even if their interfaces don’t match up cleanly (except for incompatible data types). The domain overlap gives you flexible connections, making Pipe practical at scale. And Pipe guarantees interface contracts, so developers don’t have to write validation at block boundaries.

**Addressing the Drawing Effort Concern**

Some folks say visual diagrams take more effort than plain code. Here’s why that’s not a problem. Pipe diagrams are naturally more compact. A block needing lots of input parameters doesn’t need separate lines for each – one domain connection carries everything. Seven parameters, one connection. Diagrams stay neat, even as logic grows.

Plus, Pipe lets you modify workflows with AI. Want to add blocks, reroute, restructure? Just describe it in natural language and Pipe does the work. Diagram maintenance gets as easy as telling the system what you want, not fussing with box placement.

# The Security Spectrum

Not every app can jump straight to Pipe with slim leaf code, but every step toward it is a serious security boost.

* **Step 1. Open-source text code and libraries:** entire source and dependencies open to AI scanning. Biggest possible attack surface.
* **Step 2. Closed-source text code with libraries:** source hidden, but binaries are reverse-engineerable, APIs exposed. Libraries still wide open.
* **Step 3. Pipe with some text libraries:** dramatically shrinks the attack surface, but remaining text libraries still risky.
* **Step 4. Pipe with visual library workflows and thin leaf code:** almost no third-party library dependencies, only VPL-based ones. Attack surface drops down to mostly just the OS.

That last step is the end goal. You don’t need to get there instantly or completely – even moving partway over is already a big improvement from old-school architectures.

# Conclusion

AI made finding vulnerabilities cheap, fast, and possible for just about anyone. Patching faster helps a bit, but doesn’t address the real structural flaw. Killing open-source is a massive loss for little actual gain. The right answer? Reduce the attack surface.

Pipe, with libraries represented visually and leaf code kept thin for OS calls, gets you there. Everything is transparent and auditable at every level. You can isolate parts instantly. Patching is safer and faster. Supply chain risk from libraries is nearly gone. Remaining vulnerabilities shift to the OS – which the vendor maintains.

As AI generates more code faster, the need for VPLs such as Pipe will grow. The goal isn’t making software bulletproof, but making it fundamentally harder to exploit. When your only attack surface left is the operating system, you’ve actually achieved that.

The Guardian May 25

Ciaran Martin says Reform UK leader’s allegation over Guardian report on £5m gift ‘entirely unsubstantiated’

Nigel Farage’s claim that a Russian hack was behind a Guardian report on the £5m gift he received from a crypto billionaire has been described as “without any merit” by a former head of the National Cyber Security Centre. Ciaran Martin, founding chief executive of the agency, which is part of GCHQ, said Farage’s allegation, if true, would have major implications for UK policy towards Russia but that the Reform UK leader had yet to provide “a shred of evidence”.

Krebs on Security May 25

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia’s intelligence agencies. The Dutch daily news outlet de Volkskrant reports that the Dutch financial crime agency FIOD on May 18 arrested a 57-year-old from Amsterdam and a 39-year-old from The Hague, charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned ent

The Hacker News May 25

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

r/netsec May 25

**Overview**: On May 24, 2026, the data breach notification service Have I Been Pwned (HIBP) integrated a dataset originating from an April 2026 extortion campaign targeting 7-Eleven. The breach, attributed to the threat actor group ShinyHunters, compromised 185,300 unique accounts and resulted in a 9.4GB cleartext data dump following the organization's refusal to comply with ransom demands.

**Attack Vector & Targeted Infrastructure**

The initial compromise occurred on or around **April 8, 2026**. Forensic indicators and lateral movement tracking indicate the threat actors did not target point-of-sale (POS) networks or central customer-facing databases. Instead, the breach was localized to external cloud-managed systems - specifically infrastructure dedicated to corporate **franchisee document management and onboarding portals**. The vector aligns with recent ShinyHunters operational methodology involving targeted credential harvesting, session hijacking, and the exploitation of permissive API keys within integrated third-party identity management providers.

**Data Profile & Exfiltrated Schemas**

Following a failed extortion deadline set by the actors between April 17 and April 21, the full 9.4GB archive was leaked to the public internet. The schema validation confirms that the compromised database contains:

* **Primary PII:** Full names, verified email addresses, mobile and landline telephone numbers, and residential physical addresses.
* **Sensitive Administrative Records:** Dates of birth and corporate filing metadata.
* **Vetting Documentation:** A subset of the leaked files contains sensitive background check documentation, including Social Security Numbers (SSNs) and state-issued identification numbers submitted during the franchise application phase.

**Operational Timeline**

* **2026-04-08:** Detection of unauthorized access to the franchisee document storage cluster.
* **2026-04-17:** ShinyHunters list 7-Eleven on their public Tor leak site, establishing a 4-day payment window.
* **2026-04-22:** Following 7-Eleven's administrative refusal to negotiate or pay the extortion fee, the actors published the complete unencrypted archive.
* **2026-05-24:** Complete data ingestion, de-duplication, and formal verification completed by HIBP.

**Technical Analysis & Core Metrics**

The incident highlights a persistent trend where threat actors deliberately target non-production, administrative, or third-party adjacent business environments to bypass hardened perimeter controls protecting primary consumer data.

The Hacker News May 25

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved

The Hacker News May 25

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and

r/ReverseEngineering May 25

To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.

Sunday, May 24
Troy Hunt May 24

Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I'd first heard rumour of payment being made, and I posited that groups like this often go quiet after they feel the heat, only to emerge shortly after, the drug that is hacking being too strong to ignore. Anyway, here we now are:

ShinyHunters Claims 3 New Victims  https://t.co/v8Wf457Gbp : U.S.-based dental benefits administrator and oral health company.  Charter Communications, Inc.: U.S. telecommunications and cable company best known for Spectrum internet, TV, mobile, and phone services. … pic.twitter.com/epWcVVGRHa — Dark Web Informer (@DarkWebInformer) May 22, 2026

DentaQuest has since been removed, but their website is currently returning "Access Denied", which isn't a great look. Obviously, the broken website doesn'

Saturday, May 23
The Hacker News May 23

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include -

* laravel-lang/lang
* laravel-lang/http-statuses
* laravel-lang/attributes
* laravel-lang/actions

"The timing and pattern of the newly published tags

The Hacker News May 23
CVE

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may

Friday, May 22
The Hacker News May 22

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the

Krebs on Security May 22

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials. On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development platform had created a public GitHub profile called “Private-CISA” that included plaintext credentials to dozens of internal CISA systems. Experts who reviewed the exposed secrets said the commit logs for the code repository showed the CISA contractor disabled GitHub’s built-in protection against publishing sensitive credentials in public repos. CISA acknowledged the leak but has not responded to questions about the duration of the data exposure. However, experts who reviewed the now-defunct Private-CISA archive said it was originally created in November 2025, and that it exhibits a pattern consistent with an individual operator using the repository as a working scratchpad o

The Hacker News May 22

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government entities using compromised accounts. It's been

r/Malware May 22

Harvard and \~140 other compromised legitimate sites are now spreading ClickFix malware.

hxxps://hir.harvard.edu/israel-and-international-football-a-breaking-point/

hxxps://hir.harvard.edu/a-better-way-forward-an-interview-with-paul-ryan/

Both contain a remote load script in its HTML that reverses its C2 `sj.ssc/ipa/orp.eralfduolccitats` to original form and then displays the ClickFix box from it.

C2: hxxps://staticcloudflare.pro

AnyRun identifies the loading pattern well:

* [https://app.any.run/tasks/2ac73567-8bdf-41b0-999e-08057deb3dd3](https://app.any.run/tasks/2ac73567-8bdf-41b0-999e-08057deb3dd3)
* [https://app.any.run/tasks/8362c5f5-11ab-4b34-b7a5-8e2fb2d6355c](https://app.any.run/tasks/8362c5f5-11ab-4b34-b7a5-8e2fb2d6355c)

Sandbox detonation of one of the ClickFix payloads: [https://app.any.run/tasks/bf4b5c8d-f76d-4398-b465-9a1d8ec899bb](https://app.any.run/tasks/bf4b5c8d-f76d-4398-b465-9a1d8ec899bb)

Original post and more discovered compromised URLs: [https://x.com/rifteyy/status/2057842147630411877](https://x.com/rifteyy/status/2057842147630411877)

r/netsec May 22

"When performing security assessments on HTTP-based applications, whether web, mobile, APIs, or thick clients, the standard workflow is straightforward: put Burp Suite in the middle, and you’re good to go. Most of the time, that’s all you need. Every now and then, though, you run into a small but significant class of applications where that workflow breaks down. Custom protocols, payload encryption, request signatures, replay protection, non-standard encoding, these are the scenarios where you can no longer work manually the way you’re used to, and where Burp’s automated tools (Intruder, Scanner) stop being useful because they’re operating on data they can’t meaningfully read or modify. In this talk I took one of these complexities as an example, additional payload encryption, and used it as a vehicle to explore advanced approaches based on **custom Burp extensions** to restore full testability: working manually in Proxy and Repeater, running automated tools like Intruder and Scanner, and even driving external tools like SQLMap through Burp, all as if the complexity simply weren’t there."

Trail of Bits May 22

In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor LiteLLM on PyPI (see Trivy’s post-mortem for the full timeline). zizmor is a static analyzer that GitHub Actions users run to catch exactly these misconfigurations before they ship. When GitHub Actions added support for YAML anchors in September 2025, a small but high-value slice of the ecosystem started writing workflows that zizmor could only analyze on a best-effort basis. Over the past three months, Trail of Bits collaborated with the zizmor maintainers to bring zizmor’s anchor support up to full coverage. First, we fixed parsing bugs that caused crashes, produced wrong-location findings, and silently mishandled aliased values. Second, we surfaced deserialization edge cases that broke zizmor on otherwise valid workflows. Finally, we helped align zizmor’s expression evaluator with GitHub’s own Known Answer Tests. We validated all of this against a new corpus of 41,253 workflows from 6,612 high-value open-source repositories. The result: 20 filed issues, 15 merged pull requests.

Building the test corpus

To u

Thursday, May 21
Krebs on Security May 21

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States. A criminal complaint unsealed today in an Alaska district court charges Jacob Butler, a.k.a. “Dort,” of Ottawa, Canada with operating the Kimwolf DDoS botnet. A statement from the Department of Justice says the complaint against Butler was unsealed following the defendant’s arrest in Canada by the Ontario Provincial Police pursuant to a U.S. extradition warrant. Butler is currently in Canadian custody awaiting an initial court hearing scheduled for early next week. The government said Kimwolf targeted infected devices which were traditionally “firewalled” from the rest of the internet, such as digital photo frames and web cameras. The infected systems were then rented to other cybercriminals, or forced to participate in record-smashing DDoS attacks, as well as assaults that affected Internet address ranges for the Department of Defense. Consequently, the DoD’s Defense Criminal Investigative Service is investigating the case, with assistance from the FBI field office in Anchorage. “KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume,”

r/netsec May 21

We've been tracking TeamPCP since March. This is the fifth major package in the same campaign. Full chronology:

* **Mar 19** — Trivy compromised. CI/CD secrets harvested downstream.
* **Mar 24** — LiteLLM 1.82.7/1.82.8 to PyPI via credentials stolen through Trivy. \~95M monthly downloads. \~1,000 cloud environments in a 3-hour window.
* **Mar 27** — Telnyx Python SDK 4.87.1/4.87.2 to PyPI. WAV steganography for payload delivery. \~670K monthly downloads.
* **April** — Bitwarden CLI, SAP npm packages, PyTorch Lightning.
* **May 11** — 84 malicious versions across \~170 packages (@tanstack/\*, guardrails-ai, @mistralai/\*, OpenSearch). First SLSA Build Level 3 provenance bypass. OpenAI hit downstream.
* **May 20** — durabletask 1.4.1/1.4.2/1.4.3. Reads Vault, 1Password, Bitwarden, SSH keys, Docker creds. Propagates via AWS SSM and kubectl exec.

We wrote on the LiteLLM chain in March when this started. Same TTPs, different package: [https://www.bluerock.io/post/litellm-supply-chain-protection](https://www.bluerock.io/post/litellm-supply-chain-protection)

r/netsec May 21

CVE-2026-34474 covers a pre-auth credential disclosure in ZTE ZXHN H298A 1.1 and H108N 2.6 router web interfaces. The short version: an ETHCheat branch returns credential-bearing HTML before authentication. The captured fields include the admin password, WLAN PSK, and ESSID, and a companion wizard endpoint exposes serial data. The writeup keeps the PoC output redacted and focuses on the response behavior, affected scope, and disclosure trail.

r/Malware May 21

Hello all, The past few months I really got into Malicious Browser Extensions. During the creation of my project I started an automation that collects malicious browser extensions. During my thesis as a student I struggled to find CRX files, so I created my own database of them. Here is the GitHub for it: [https://github.com/GherardoFiori/MaliciousBrowserExtensions](https://github.com/GherardoFiori/MaliciousBrowserExtensions) Here is more info about the automation behind it: [https://buio.me/n8n](https://buio.me/n8n) I hope this can help someone with their own research around this subject. Since I really struggled to get my hands on crx files when it came to "malware" or "malicious"

r/Malware May 21

I just wrapped a 99‑fixture adversarial PE corpus for IOCX — deterministic, spec‑aware, malformed‑but‑parseable binaries, each isolating a single structural anomaly. The whole thing is only 250 KB and it already helped tighten up an unreleased validator. IOCX now walks even the most pathological PEs with confidence. Honestly, this is the most fun I’ve had with PE internals in years. Happy to share details if anyone’s curious. GitHub: [https://github.com/iocx-dev/iocx](https://github.com/iocx-dev/iocx)

Wednesday, May 20
CERT/CC May 20
CVE

Overview

A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the RxRPC Page-Cache Write CVE-2026-43500. This vulnerability was publicly disclosed on May 07, 2026.

Description

Dirty Frag is a Linux kernel vulnerability affecting the IPv4/IPv6 fragmentation and reassembly subsystem. The issue stems from improper handling of overlapping or malformed fragment offsets during the reassembly process. An attacker capable of sending crafted network packets to a vulnerable host can exploit the flaw to trigger memory corruption conditions. The publicly documented proof of concept demonstrates that fragmentation logic can be manipulated such that the kernel processes inconsistent fragment states, enabling a controlled write out-of-bounds scenario. When successfully exploited, this can result in local or remote denial of service (kernel panic) and, depending on configuration and kernel build options, may create a primitive for more advanced memory manipulation. The vulnerability arises from insufficient validation of fragment metadata during reassembly, specifically around:

* Incorrect or incomplete enforcement of fragment boundary checks
* Acceptance of overlapping fragments in unsafe sequences
* Inadequate cleanup when transitions occur between valid and invalid fragment states

The fragment queue logic in affected kernels does not fully verify that fragment offsets, sizes, and overlap

Tuesday, May 19
Synack May 19

Key Takeaways

What AI Pentesting Means for Continuous Security Validation

Every CISO conversation I’ve had this quarter circles back to the same problem: AI produces more vulnerability findings than security teams can read in a week, and it clouds their understanding of which findings are connected to real business risk. This week’s Wall Street Journal […]

The post AI Can Find More Vulnerabilities. Humans Still Decide What Matters. appeared first on Synack.

Story Overview