Agent AI is Coming. Are You Ready?
The Hacker NewsMay 20, 2026Identity Security / Enterprise Security New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results…
Author: Cybernoz
Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION Pierluigi Paganini May 24, 2026 A new round of the weekly Security Affairs newsletter…
One Year Later | Huntress
It’s hard to believe, but it’s been a year since the Colonial Pipeline ransomware attack. In case your memory’s fuzzy, this was the incident that…
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The…
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Ravie LakshmananMay 21, 2026Web Security / Vulnerability Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package…
Negative-Days with Vulnerability Spoiler Alert: Three Months Later
When I published Discovering Negative-Days with LLM Workflows three months ago, I got a lot of great feedback and interest. Since then, the waves have…
Evicting the Adversary | Huntress
There are plenty of articles and cheat sheets advising defenders how to monitor, hunt and detect the adversary in their environment. But sometimes, it feels…
Hackers Backdoor Popular art-template npm Package to Launch Watering-Hole Attacks
A widely-used JavaScript templating library called art-template has been weaponized to deliver a sophisticated iOS browser exploit kit through a supply chain attack. The backdoored…
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extensionFollowing…
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal…
Anthropic’s Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious Pierluigi Paganini May 24, 2026 Anthropic said…