Security Affairs
- Get link
- X
- Other Apps
"U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities cataglog."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 22 May 2026, 0210 UTC.
Content and Source provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/content/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
12
Today
8 TTPs
by Pierluigi Paganini / 4h
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Ov
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated action took place between 19 an
by Pierluigi Paganini / 7h
Apple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple ‘s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes into keeping the App Store clean. The numbers are significant: more than two million app submissions rejected, over a billion fake account creations stopp
5 TTPs
by Pierluigi Paganini / 10h
Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work because nobody followed all the steps. That is what is happening right now with SonicWall Gen6 SSL-VPN appliances and CV
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could exploi
Yesterday
Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption is now the default for every voice and video call on the platform. If you used Discord to call someone today, that con
IoC > 2 file paths
by Pierluigi Paganini / 1d
•2 TTPs
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects the Linux kernel’s RDS (Reliable Datagram Sockets) subsystem
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability , Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS score of
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash , one of the most active stolen card marketplaces on the dark web , has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but essentially as a punishment for its own sellers behaving badly
May 19, 2026
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and the company confirmed it over the w
2 TTPs
by Pierluigi Paganini / 1d
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail , Dirty Frag , and Fragnesia , here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and reported on May 9, 20
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted traf
End of feed
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.