Security News
Latest Updates

SecurityWeek

Latest cybersecurity news

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations - May 13, 2026

More than 500 packages were pushed during the attack, but the target appears to have been RubyGems itself rather than users.

The post Hundreds of Malicious Packages Force RubyGems to Suspend Registrations appeared first on SecurityWeek.

ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA - May 13, 2026

Many ICS vendors have not released new advisories for the May 2026 Patch Tuesday.

The post ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA appeared first on SecurityWeek.

Microsoft Patches 137 Vulnerabilities - May 12, 2026

Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence.

The post Microsoft Patches 137 Vulnerabilities appeared first on SecurityWeek.

Exaforce Raises $125 Million for Agentic SOC Platform - May 12, 2026

Exaforce has raised a total of $200 million and plans on using the latest investment for product development and international expansion. 

The post Exaforce Raises $125 Million for Agentic SOC Platform appeared first on SecurityWeek.

Adobe Patches 52 Vulnerabilities in 10 Products - May 12, 2026

While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution.

The post Adobe Patches 52 Vulnerabilities in 10 Products appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution - May 12, 2026

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free

SecurityWeek

Latest cybersecurity news

White Circle Raises $11 Million for AI Control Platform - May 12, 2026

The startup will invest in accelerating product development, hiring new talent, and expanding its customer base.

The post White Circle Raises $11 Million for AI Control Platform appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded - May 12, 2026

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. “Signups are paused for the time being.

SecurityWeek

Latest cybersecurity news

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months - May 12, 2026

Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests.

The post BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months appeared first on SecurityWeek.

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware - May 12, 2026

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development.

The post Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware appeared first on SecurityWeek.

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform - May 12, 2026

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

The post Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform appeared first on SecurityWeek.

West Pharmaceutical Services Hit by Disruptive Ransomware Attack - May 12, 2026

The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware.

The post West Pharmaceutical Services Hit by Disruptive Ransomware Attack appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help - May 12, 2026

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories - WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals- consistently

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages - May 12, 2026

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution

Schneier on Security

Security news and analysis by Bruce Schneier

Copy.Fail Linux Vulnerability - May 12, 2026

This is the worst Linux vulnerability in years.

TL;DR

• copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC.
• It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own.
• The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets.
• The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing. ...

Trail of Bits Blog

Security research and insights from Trail of Bits

Go fuzzing was missing half the toolkit. We forked the toolchain to fix it. - May 12, 2026

Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug classes, such as integer overflows, goroutine leaks, data races, and execution timeouts. So to make it better, we built gosentry, a fuzzing-oriented fork of the Go toolchain that keeps the standard testing.F workflow while using a stronger fuzzing stack underneath to tackle those issues.

With gosentry, go test -fuzz uses LibAFL by default. It can fuzz structs natively, run grammar-based fuzzing with Nautilus, detect bug classes that it couldn’t detect before, and create a fuzzing campaign coverage report in one command.

If you already have Go fuzz harnesses, you don’t need to rewrite them. Point them at gosentry’s binary and you get all of the above through the same go test -fuzz interface, with a few new flags:

./bin/go test -fuzz=FuzzHarness --focus-on-new-code=false --catch-races=true --catch-leaks=true

gosentry keeps the harness API and changes the engine and the surrounding tooling — you just tweak the CLI.

You can also generate coverage reports from an existing campaign with --generate-coverage. Run it from the same package with the same -fuzz target, and no corpus path is needed; gosentry stores the campaign state under Go’s fuzz cache index by package and fuzz target, so restarting the campaign resumes from the existing corpus.

Why we built gosentry

We started this project after we released go-panikint to improve Go fuzzing’s integer overflow detection. We realized that integer overflow detection wasn’t enough. Go’s fuzzing ecosystem was still missing techniques that Rust, C, and C++ researchers already use every day.

We often faced these gaps in our own security work using Go’s vanilla fuzzer:

• Program comparisons (path constraints) were impossible to solve: one complex if branch, and the Go fuzzer could stay stuck forever.
• Grammar-based fuzzing was never an option.
• Structure-aware fuzzing required additional manual work.
• Several Go bug classes would not crash by default or would depend on external libraries, so the fuzzer could reach insecure target behaviors without reporting them.
• Generating coverage reports from a fuzzing campaign was cumbersome.
• Making the fuzzer crash on critical error logs required manual code changes.

Same harness, stronger engine

Gosentry keeps the parts Go developers already know:

• Write a fuzz target with testing.F, as usual.
• Create your initial corpus with f.Add.
• Pass the input into f.Fuzz.

Under the hood, gosentry captures the fuzz callback, builds a Go archive with libFuzzer-style entry points, and runs it in-process through a Rust-based LibAFL runner. The API stays familiar, but gosentry enhances the engine, scheduling, detectors, and much more.

We designed it this way to avoid friction for developers and security researchers adopting a new tool. Existing Go harnesses do not need to be ported to a new framework. And since the Go toolchain documentation and usage are already widely integrated into LLM pre-training datasets, an agent can easily use gosentry, as it is a fork of the Go toolchain.

More bugs become visible

Another added value of gosentry is its capacity to turn more bad behaviors into failures that the vanilla Go fuzzer wouldn’t report.

It includes compiler-inserted integer overflow checks by default and optional truncation checks through the go-panikint integration. It also lets you choose function calls that should stop the fuzzer. For example, you can use the --panic-on flag to stop fuzzing when log.Fatal is called. This flag is useful for codebases that log critical errors and keep going instead of panicking and reporting the bug to the user.

It can also catch data race issues using the native Go race detector (--catch-races), and goroutine leaks through its goleak integration (--catch-leaks). Finally, timeouts can be caught at fuzz-time to help detect issues like infinite loops.

Better inputs

Gosentry improves input quality in two different ways, which solve different problems.

Struct-aware fuzzing

Go’s native fuzzing accepts only a small set of parameter types, which doesn’t include composite types, such as structs, slices, arrays, and pointers. Gosentry supports fuzzing of these types.

type Input struct {
	Data []byte
	S string
	N int
}

func FuzzStructInput(f *testing.F) {
	f.Add(Input{Data: []byte("hello"), S: "world", N: 42})
	f.Fuzz(func(t *testing.T, in Input) {
		Process(in)
	})
}

Under the hood, gosentry still mutates bytes. The difference is that it encodes and decodes the composite value for you in a proper way, so you don’t have to invent a custom wire format just to fuzz typed Go inputs.

Grammar-based fuzzing

In this mode, gosentry uses Nautilus to generate and mutate grammar-valid inputs while LibAFL still drives the coverage-guided loop.

Let’s imagine you want to fuzz a homemade JSON parser. Without a grammar, most of the time you would generate junk input that wouldn’t even pass the first branches. For example, the fuzzer would mutate {"postOfficeBox": 123} to {postOfficeBox"": """"&%}, while a more interesting generated input of postOfficeBox would be a much larger number like u64.MAX, giving {"postOfficeBox": 18446744073709551615}. In that case, you need grammar-based fuzzing. You define what the structure should be, and the fuzzer generates inputs accordingly. You could write a harness like this:

func FuzzGrammarJSON(f *testing.F) {
f.Add(`{"postOfficeBox":123}`)
 	f.Fuzz(func(t *testing.T, jsonInput string) {
 		ParseJSONFromString(jsonInput)
 	})
}

The grammar format is a JSON array of rules:

 [
 ["Json", "\\{\"postOfficeBox\":{Number}\\}"],

 ["Number", "{Digit}"],
 ["Number", "{Digit}{Number}"],

 ["Digit", "0"],
 ["Digit", "1"],
 ["Digit", "2"],
 ["Digit", "3"],
 ["Digit", "4"],
 ["Digit", "5"],
 ["Digit", "6"],
 ["Digit", "7"],
 ["Digit", "8"],
 ["Digit", "9"]
 ]

Just note that grammar mode still feeds bytes or strings to the harness. So your target needs to be able to parse either strings or bytes.

What it has found already

We’ve been running gosentry on a bunch of targets using grammar-based differential fuzzing campaigns and found a number of bugs. We have disclosed some of these issues to Optimism and Revm:

• Unknown batch type panics and causes denial of service in kona-protocol
• Kona and op-node can disagree on brotli channels
• Kona frame parsing mismatch against op-node and OP Stack Specs
• Failed deposit in op-revm stopping with OutOfFunds does not bump nonce, leading to a state root mismatch against other clients

Those are exactly the kinds of bugs we wanted Go fuzzing to expose. They wouldn’t have been easy to find via the native Go fuzzer, but our grammar-based fuzzer via gosentry was able to easily detect them.

Now, see what you can find. If you already have a Go fuzz target, run it under gosentry and see what it can reach compared to the native Go fuzzer.

The project is available on GitHub and includes documentation for each feature described above.

If you’d like to read more about fuzzing, check out the following resources:

• Our fuzzing chapter in the Testing Handbook
• Continuously fuzzing Python C extensions
• Breaking the Solidity Compiler with a Fuzzer

As always, contact us if you need help with your next Go project or fuzzing campaign.

The Hacker News

Cybersecurity news and insights

Why Agentic AI Is Security’s Next Blind Spot - May 12, 2026

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.  The more urgent

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak - May 12, 2026

American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized actor involved in

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation - May 12, 2026

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android - May 12, 2026

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack - May 11, 2026

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released

The Hacker News

Cybersecurity news and insights

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now - May 09, 2026

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows -

CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that could result

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms - May 08, 2026

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads - May 08, 2026

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over

SecurityWeek

Latest cybersecurity news

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner - May 08, 2026

Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry.

The post In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches - May 08, 2026

The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down

SecurityWeek

Latest cybersecurity news

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants - May 08, 2026

The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply.

The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek.

AI Firm Braintrust Prompts API Key Rotation After Data Breach - May 08, 2026

Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust.

The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise - May 08, 2026

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,“

SecurityWeek

Latest cybersecurity news

Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom - May 08, 2026

A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.

The post Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom appeared first on SecurityWeek.

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials - May 08, 2026

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials appeared first on SecurityWeek.

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover - May 08, 2026

Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension.

The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover appeared first on SecurityWeek.

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks - May 08, 2026

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions - May 08, 2026

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers

SecurityWeek

Latest cybersecurity news

Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders - May 07, 2026

Musk said that he could have founded OpenAI as a for-profit company, just like the other companies he started or took over. “I deliberately chose this,” he said, “for the public good.”

The post Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access - May 07, 2026

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve remote code

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems - May 07, 2026

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting