← Latest brief

Security news.

·Afternoon Brief

Today's cybersecurity news highlights critical vulnerabilities and ongoing supply chain attacks. Drupal is set to patch a highly critical vulnerability, while new waves of malware are compromising npm packages and targeting macOS users. Additionally, a CISA contractor's leaked AWS GovCloud keys underscore persistent issues with fundamental security hygiene.

DARK READINGZERO-DAY
May 18READ

Microsoft Exchange Zero-Day Under Active Attack

A cross-site scripting (XSS) vulnerability, CVE-2026-42897, in Microsoft Exchange is being actively exploited to compromise Outlook Web Access (OWA) mailboxes, with no patch currently available.

SECURITYWEEKPATCH
May 19READ

Drupal to Patch Highly Critical Vulnerability

Drupal will release an urgent core security update on May 20th for a highly critical vulnerability that attackers could exploit within hours or days.

KREBSBREACH
May 18READ

CISA Contractor Leaked AWS GovCloud Keys on GitHub

A CISA contractor publicly exposed credentials to highly privileged AWS GovCloud accounts and internal CISA systems via a GitHub repository, revealing details on CISA's software development.

BLEEPINGMALWARE
May 19READ

New Shai-Hulud Malware Wave Hits 600 npm Packages

Threat actors have published over 600 malicious packages to the npm index as part of a new Shai-Hulud supply-chain campaign, with a "Mini Shai-Hulud" variant also compromising @antv ecosystem packages.

BLEEPINGBREACH
May 19READ

Microsoft Self-Service Password Reset Abused in Azure Data Theft

A threat actor is exploiting Microsoft 365 and Azure production environments, abusing legitimate applications and administration features, including Self-Service Password Reset, to steal data.

DARK READINGMALWARE
May 19READ

SHub Reaper Stealer Backdoors macOS

The SHub Reaper stealer is now spoofing Google, Microsoft, and Apple services, hiding behind fake WeChat and Miro installers to execute Apple script-based backdoors on macOS.

THNVULN
May 19READ

PoC Released for DirtyDecrypt Linux Kernel LPE Vulnerability

Proof-of-concept exploit code has been released for DirtyDecrypt (CVE-2026-31635), a recently patched Linux kernel flaw allowing local privilege escalation to root.

SECURITYWEEKPATCH
May 19READ

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

A critical, unpatched vulnerability in ChromaDB allows unauthenticated remote attackers to execute arbitrary code and leak sensitive information, potentially leading to a complete server takeover.

Generated twice daily from public security RSS feeds. Informational only.