← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights significant law enforcement actions against cybercrime infrastructure, with the dismantling of a VPN service used by ransomware groups and the seizure of servers enabling cyberattacks. Additionally, several critical vulnerabilities are under active exploitation, including flaws in Drupal and Trend Micro Apex One, underscoring the ongoing threat landscape for web applications and endpoint security.

THNRANSOMWARE
May 22READ

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have dismantled "First VPN Service," a criminal VPN used by ransomware groups and other cybercriminals to obscure their activities.

BLEEPINGPOLICY
May 22READ

Netherlands Seizes 800 Servers of Hosting Firm Enabling Cyberattacks

Financial crime investigators in the Netherlands arrested two individuals and seized 800 servers linked to a web hosting company that facilitated cyberattacks, interference, and disinformation campaigns.

SECURITYWEEKVULN
May 22READ

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal is warning users of active exploitation attempts targeting CVE-2026-9082, a highly critical SQL injection vulnerability, shortly after its disclosure.

KREBSBREACH
May 22READ

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers are demanding answers from CISA after a contractor intentionally published AWS GovCloud keys and other agency secrets on a public GitHub account.

ZERO-DAY
READ

Trend Micro Warns of Apex One Zero-Day Exploited in the Wild

Trend Micro has addressed a zero-day vulnerability (CVE-2026-34926) in Apex One, which is actively being exploited in attacks targeting Windows systems.

THNPHISHING
May 22READ

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor Ghostwriter (UAC-0057) is targeting Ukrainian government organizations with phishing emails using lures related to the Prometheus online learning platform.

THN
May 22READ

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

A new automated campaign dubbed "Megalodon" pushed 5,718 malicious commits to 5,561 GitHub repositories, injecting GitHub Actions workflows with base64-encoded bash payloads.

BLEEPINGMALWARE
May 22READ

US and Canada Arrest and Charge Suspected Kimwolf Botnet Admin

Authorities in the U.S. and Canada have arrested and charged a Canadian man for allegedly operating the Kimwolf DDoS botnet, which infected nearly two million devices.

Generated twice daily from public security RSS feeds. Informational only.