Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds
EPIC’s researchers were unable to locate an opt-out process at all on Meta, X, OpenAI, and Tinder without first logging in. And HireVue and the…
Month: May 2026
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within…
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
Fake Word phishing attacks are abusing trusted remote access tools to bypass detection, exposing a growing security gap for enterprises. A fake Word Online phishing…
FBI: $388 million lost in crypto ATM scams in 2026
Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds…
Firefox 151 packs big privacy upgrades into a small update
Mozilla has published release notes for Firefox browser version 151.0, and this update includes several genuinely meaningful privacy and security improvements. Three changes stand out…
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code…
Why business process reinvention is needed for agentic AI workflows
As the tech sector pushes the use of artificial intelligence (AI) in the enterprise, there is an emerging trend which is seeing technology providers pivot…
Chanhassen Dinner Theatres Cyberattack Disrupts Shows
The fallout from the Chanhassen Dinner Theatres cyberattack has forced the popular Minnesota venue to cancel additional performances of “Guys and Dolls” as management deals with both…
CVE-2026-45829: ChromaDB FastAPI ChromaToast RCE Exploit Now
The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic search and AI-driven retrieval…
Telcos unable to overturn $7.3bn bill to renew mobile spectrum
Telstra, Optus, TPG and NBN Co will pay just over $7.3 billion to keep expiring mobile and wireless spectrum licenses after the sector’s efforts to…
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, security researchers report.…
A Malicious VS Code Extension Just Breached GitHub ‘s Internal Repositories
A malicious VS code extension just breached GitHub ‘s internal repositories Pierluigi Paganini May 20, 2026 One employee installed a trojanized VS Code extension. Result:…