Aggregator

A threat actor claims to have leaked a full database dump tied to Watiqa.ma, Morocco’s government electronic platform for requesting civil status documents.

New York, United States, May 19th, 2026, CyberNewswire New research shows identity dark matter continues to expand and erode enterprise identity, resulting in a fragile foundation for agent AI readiness and adoption Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise […]

The post Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report appeared first on Cyber Security News.

A sophisticated npm supply chain campaign dubbed Mini Shai-Hulud has claimed over 600 package versions overnight, with security researchers at Socket and Endor Labs identifying 639 compromised package versions across 323 unique packages in the latest wave. The bulk of the activity targeted the @antv ecosystem, alongside packages under @lint-md, @openclaw-cn, and @starmind scopes. Malicious […]

The post 600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack appeared first on Cyber Security News.

A threat actor claims to be selling data tied to Nirvasa, an Indian digital healthcare platform focused on primary care, personalized treatment, and patient services.

Windows Update научится сама откатывать сбойные драйверы без участия пользователя.

企业通过 Bug 悬赏项目向白帽子黑客支付发现 bug 的赏金，但此类项目如今被低质量的 AI 报告淹没，迫使部分企业终止项目。Bugcrowd 的客户包括 OpenAI、T-Mobile 和摩托罗拉，该公司表示 3 月三周内收到的报告数量翻了四倍多，大部分报告被证实是错误的。Curl 项目在 1 月暂停了 Bug 悬赏项目。网络安全公司 Sophos 的首席信息安全官 Ross McKerchar 表示，低质量 AI 报告正迅速成为一大问题，Bug 悬赏会继续 存在，但必须做出改变。Nextcloud 在 4 月暂停了 Bug 悬赏。Bug 悬赏项目平台 HackerOne 也开始引入 AI 智能体去筛选递交的 Bug 报告，CEO Kara Sprague 表示高质量的 AI 报告最近也略有增加。

Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.

The post Mini Shai-Hulud returns, compromising hundreds of npm packages appeared first on CyberScoop.

A vulnerability categorized as critical has been discovered in gohttp 34ea51. Affected by this vulnerability is an unknown functionality. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2025-70950. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tyler TID-L. It has been rated as critical. Affected is an unknown function. This manipulation causes use of default credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-44159. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in FunnelKit Funnel Builder for WooCommerce Checkout up to 3.15.0.3. It has been declared as critical. This impacts an unknown function of the component Public Checkout Endpoint. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-47100. The attack can be launched remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.

A vulnerability was found in Portrait Dell Color Management Application up to 3.6.x. It has been classified as critical. This affects an unknown function of the file CCFLFamily_07Feb11.edr of the component Link Handler. The manipulation leads to symlink following. This vulnerability is documented as CVE-2026-34883. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Technitium DNS Server up to 14.x and classified as problematic. The impacted element is an unknown function. Executing a manipulation can lead to asymmetric resource consumption. This vulnerability is registered as CVE-2026-45557. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in ModelScope 1.25.0 and classified as critical. The affected element is an unknown function of the component Module Handler. Performing a manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-51427. The attack must originate from the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in F5 NGINX JavaScript up to 0.9.8. Impacted is the function ngx.fetch of the component HTTP Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-8711. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in HestiaCP up to 1.9.4. This issue affects some unknown processing. This manipulation causes use of less trusted source. This vulnerability is tracked as CVE-2026-43634. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Eclipse Glassfish up to 7.0.x/8.0.0. This vulnerability affects unknown code of the component Gadget Handler. The manipulation results in improper neutralization of special elements used in an expression language statement. This vulnerability is identified as CVE-2026-2587. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Eclipse Glassfish 7.1.0/8.0.0. This affects an unknown part of the component Administration Console. The manipulation leads to code injection. This vulnerability is referenced as CVE-2026-2586. Remote exploitation of the attack is possible. No exploit is available.

Hackers are actively exploiting Four-Faith industrial routers to build botnets, leveraging a critical vulnerability identified as CVE-2024-9643. Security researchers from CrowdSec report a sharp rise in exploitation attempts targeting these devices, signaling a shift from initial probing to large-scale abuse. CVE-2024-9643 is a critical authentication bypass flaw affecting Four-Faith F3x36 industrial cellular routers. The vulnerability […]

The post Hackers Hijacking Four-Faith Industrial Routers for Botnet Activity appeared first on Cyber Security News.

A widely used GitHub Action called actions-cool/issues-helper has been compromised, with every version tag in the repository silently redirected to a malicious commit. The attack places stolen CI/CD pipeline credentials directly in the hands of an attacker, raising serious concerns for development teams around the world that rely on this action in their automated workflows. […]

The post Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain appeared first on Cyber Security News.