← Latest brief

Security news.

·Afternoon Brief

Today's security landscape is marked by active exploitation of critical vulnerabilities, a surge in supply chain attacks targeting developer environments, and significant law enforcement action against cybercrime. Several high-profile breaches and zero-day exploits underscore the persistent threat to both enterprise and individual users.

BLEEPINGBREACH
May 18READ

Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign

The recently leaked Shai-Hulud malware is now being actively used in new attacks targeting the Node Package Manager (npm) index, with infected packages emerging over the weekend.

THNZERO-DAY
May 18READ

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation

A security researcher has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day, codenamed MiniPlasma, which grants SYSTEM privileges on fully patched Windows systems by exploiting a flaw in "cldflt.sys."

SECURITYWEEKEXPLOIT
May 18READ

Exploitation of Critical NGINX Vulnerability Begins

A critical heap buffer overflow vulnerability in NGINX (CVE-2026-42945), affecting versions 0.6.27 through 1.30.0, is now being actively exploited in the wild, leading to denial-of-service and potential remote code execution.

BLEEPINGEXPLOIT
May 18READ

Exploit Available for New DirtyDecrypt Linux Root Escalation Flaw

A proof-of-concept exploit has been released for a recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module, allowing attackers to gain root access on some Linux systems.

BLEEPINGBREACH
May 18READ

Grafana Says Stolen GitHub Token Let Hackers Steal Codebase

Grafana Labs disclosed that hackers downloaded its source code after breaching its GitHub environment using a stolen access token, though no customer data or systems were impacted.

THNPOLICY
May 18READ

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests

INTERPOL coordinated a major cybercrime crackdown across the Middle East and North Africa, resulting in 201 arrests and the identification of 382 additional suspects involved in malicious activities.

SECURITYWEEKBREACH
May 18READ

7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed to have stolen over 600,000 Salesforce records, including personal and corporate data.

SECURITYWEEKBREACH
May 18READ

Millions Impacted Across Several US Healthcare Data Breaches

Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS tracker, highlighting ongoing vulnerabilities in the sector.

Generated twice daily from public security RSS feeds. Informational only.
Security News — May 18, 2026 · Afternoon | SecureMonk