← Latest brief

Security news.

·Morning Brief

Today's security landscape is dominated by active exploitation threats, supply chain attacks, and critical unpatched vulnerabilities. A Microsoft Exchange zero-day is under active attack, Drupal is releasing urgent core security updates tomorrow, and multiple software supply chain campaigns continue targeting developer credentials and CI/CD systems.

DARK READINGZERO-DAY
May 18READ

Microsoft Exchange Zero-Day Under Active Attack, No Patch Available

CVE-2026-42897, a cross-site scripting vulnerability in Exchange Server, is being actively exploited to compromise Outlook Web Access (OWA) mailboxes with no patch currently available.

THN
May 19READ

Drupal to Release Urgent Core Security Updates on May 20

Drupal maintainers are issuing a critical core security release for all supported branches on May 20, 2026, warning that exploits may be developed within hours or days of release.

THNPHISHING
May 19READ

OAuth Consent Phishing Bypasses MFA, Compromises 340+ Microsoft 365 Organizations

The EvilTokens phishing-as-a-service platform compromised over 340 Microsoft 365 organizations across five countries by using fake device login pages that bypass multi-factor authentication.

THN
May 19READ

Compromised Nx Console VS Code Extension Steals Developer Credentials

A malicious version of the Nx Console extension (rwl.angular-console v18.95.0) with 2.2 million installations was published to the VS Code Marketplace and used to harvest credentials from developers.

THNBREACH
May 19READ

Popular GitHub Action Compromised to Steal CI/CD Credentials

The actions-cool/issues-helper GitHub Action was compromised with all existing tags redirected to malicious commits that harvest API keys, cloud credentials, SSH keys, and tokens from CI/CD pipelines.

THNMALWARE
May 19READ

Mini Shai-Hulud Worm Compromises @antv npm Packages, Including echarts-for-react

The Mini Shai-Hulud malware campaign has compromised npm packages in the @antv ecosystem, including echarts-for-react which has ~1.1 million weekly downloads, as part of ongoing supply chain attacks.

KREBSBREACH
May 18READ

CISA Contractor Leaked AWS GovCloud Keys and Internal Credentials on GitHub

A CISA contractor's public GitHub repository exposed highly privileged AWS GovCloud credentials and detailed information about CISA's internal software build, test, and deployment processes.

SECURITYWEEKRCE
May 19READ

Unpatched ChromaDB Vulnerability Enables Remote Code Execution Without Authentication

A critical, unpatched vulnerability in ChromaDB can be exploited remotely without authentication to execute arbitrary code and leak sensitive information.

Generated twice daily from public security RSS feeds. Informational only.