CIRCLE WITH A DOT

CVE-2026-34473: Unauthenticated Denial of Service in ZTE Routers ZTE routers with 17+ models are affected, impacting 140K+ devic...https://www.reddit.com/r/hacking/comments/1thj9vd/cve202634473_unauthenticated_denial_of_service_in/ hacking: security in practice#CVE #CyberSecurity

AI Agent Tool Injection RCEhttps://www.youtube.com/shorts/V6X9FBLdQlw##cybersecurity ##infosec ##cve #cybersecurity #infosec #hacking #cve #vulnerability #threatintel #security

THREAT INTEL | Vantage Energy LLC Actor "nightspire" claims Undisclosed️ Unverified claimhttps://www.yazoul.net/intel/claim/2026-05-19-vantage-energy-ransomware-attack-by-nightspire-may-2026#DarkWeb #DataBreach #ThreatIntel #CyberSecurity #InfoSec

Critical Vulnerabilities in SEPPMail Secure E-Mail Gateway Allow Remote TakeoverSEPPMail Secure E-Mail Gateway is affected by multiple critical vulnerabilities, including a CVSS 10.0 path traversal flaw, that allow unauthenticated remote code execution and full access to mail traffic.**Update your SEPPMail appliance to version 15.0.4 immediately. Attackers can exploit the Large File Transfer (LFT) feature to execute malicious code and completely take over the appliance without needing prior authentication. If immediate patching is not possible, disable the Large File Transfer (LFT) and GINA v2.x features to minimize your attack surface and block the primary exploit paths. Because SEPPMail is a virtual appliance, your internal security tools likely will not detect an attacker operating directly on the gateway. Proactive patching is your only defense.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/critical-vulnerabilities-in-seppmail-secure-e-mail-gateway-allow-remote-takeover-3-r-0-5-1/gD2P6Ple2L

(socket.dev) Typosquatted Go Module Weaponized with DNS-Based Command and Control: Analysis of github.com/shopsprint/decimalNew supply chain threat: Typosquatted Go module github.com/shopsprint/decimal (v1.3.3) backdoors systems via DNS TXT-based C2. Module remains accessible via Go proxy despite repo takedown.In brief - A malicious Go module impersonating the popular shopspring/decimal library was weaponized in August 2023 with a DNS-based backdoor. The attack abuses Go's init() function to execute arbitrary commands from TXT records, posing a persistent risk to developers.Technically - The typosquatted github.com/shopsprint/decimal (v1.3.3) abuses Go's init() function to poll dnslog-cdn-images.freemyip.com every 5 minutes for TXT records, executing returned commands via os/exec.Command. The C2 leverages dynamic DNS and evades detection by preserving the legitimate API. Detection requires auditing go.mod for the typosquatted import and scanning for anomalous imports (net, os/exec, time) in non-network libraries.Source: https://socket.dev/blog/popular-go-decimal-library-typosquat-dns-backdoor#Cybersecurity #ThreatIntel

Drupal will release a highly critical core patch on May 20. Security teams warn that functional exploits are expected within hours of the release. #Cybersecurity #InfoSec https://deafnews.it/en/article/drupal-patch-highly-critical-il-20-maggio-exploit-in-ore

The Truth About Starting a Cybersecurity Firm | Tampa BSides 2026https://www.youtube.com/watch?v=z04o_3kvIhc#cybersecurity #vulnerability #penetrationtesting

I Built an AI Cybersecurity Research Factory (for CTFs & Vulnerabilities)https://www.youtube.com/watch?v=j7GpjcyJYtU#cybersecurity #aisecurity #vulnerability

Inside the Secret World of DEF CON Hackers | VICE: Motherboard | Blueprinthttps://www.youtube.com/watch?v=DzumJ-qI3qs#cybersecurity #vulnerability #iotsecurity

The problem with AI agents..https://www.youtube.com/watch?v=74FjlxQgftg#cybersecurity #aisecurity #vulnerability

Facebook scam promises cheap Aldi meat boxes, steals payment info insteadhttps://www.malwarebytes.com/blog/scams/2026/05/facebook-scam-promises-cheap-aldi-meat-boxes-steals-payment-info-insteadRead on HackerWorkspace: https://hackerworkspace.com/article/facebook-scam-promises-cheap-aldi-meat-boxes-steals-payment-info-instead#databreach #cybersecurity #privacy

PureLogs infostealer is stealing credentials worldwide - Help Net Securityhttps://www.helpnetsecurity.com/2026/05/19/purelogs-infostealer-delivery-steganography/Read on HackerWorkspace: https://hackerworkspace.com/article/purelogs-infostealer-is-stealing-credentials-worldwide-help-net-security#malware #databreach #cybersecurity

PureLogs infostealer is stealing credentials worldwide - Help Net Securityhttps://www.helpnetsecurity.com/2026/05/19/purelogs-infostealer-delivery-steganography/Read on HackerWorkspace: https://hackerworkspace.com/article/purelogs-infostealer-is-stealing-credentials-worldwide-help-net-security#malware #databreach #cybersecurity

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilitieshttps://blog.talosintelligence.com/tp-link-photoshop-openvpn-norton-vpn-vulnerabilities/Read on HackerWorkspace: https://hackerworkspace.com/article/tp-link-photoshop-openvpn-norton-vpn-vulnerabilities#cybersecurity #vulnerability #exploit

Exposing Fox Tempest: A malware-signing service operation | Microsoft Security Bloghttps://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/Read on HackerWorkspace: https://hackerworkspace.com/article/exposing-fox-tempest-a-malware-signing-service-operation-microsoft-security-blog#ransomware #malware #cybersecurity

(malwarebytes.com) Massive Healthcare Data Breach at NYC Health + Hospitals Exposes Sensitive Patient and Employee Data via Third-Party VendorNYC Health + Hospitals breach exposes 1.8M records, including biometric data, via third-party vendor compromise (Nov 2025–Feb 2026).In brief - A supply-chain attack on NYC H+H via an unnamed vendor led to the exposure of PII, medical records, and biometric data for 1.8M individuals. The incident underscores third-party risks in healthcare and the long-term impact of biometric data theft.Technically - Attackers exploited a vendor vulnerability to gain persistence in NYC H+H’s network, exfiltrating PII, medical/insurance records, and biometric data (fingerprints/palm prints). The breach aligns with FBI-reported ransomware trends targeting healthcare. Mitigation requires vendor risk management, MFA, encryption, and continuous monitoring of sensitive data.Source: https://www.malwarebytes.com/blog/news/2026/05/biometrics-diagnoses-and-bank-details-exposed-in-major-healthcare-breach#Cybersecurity #ThreatIntel

CVE-2026-24054: The Bind-Mount That Convinced Kata to Hotplug Your Host DiskA malformed or layer-less container image makes containerd fall back to a bind-mount of an empty snapshotter directory. Kata's "is this rootfs a block device?" heuristic dutifully walked up from that empty directory, hit the host's actual root block device, and politely passed it through to…https://www.ehabhussein.com/p/cve-2026-24054-the-bind-mount-that-convinced-kata-to-hotplug-your-host-disk#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202624054

Coastal Carolina Health Care Reports Data Breach Impacting 110,000 IndividualsCoastal Carolina Health Care (CCHC) suffered a data breach in March 2025 that exposed the Social Security numbers and protected health information of approximately 110,000 individuals.****#cybersecurity #infosec #incident #databreachhttps://beyondmachines.net/event_details/coastal-carolina-health-care-reports-data-breach-impacting-110000-individuals-j-e-3-p-b/gD2P6Ple2L

Drupal Core Security Update Scheduled for May 20 Critical security issue detected.https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html The Hacker News#InfoSec #CyberSecurity

New York City's Health and Hospitals Corporation reported that hackers accessed personal data and biometric scans of at least 1.8 million patients during a significant breach in 2026, marking one of the largest such incidents recorded. https://techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/#Tech #Cybersecurity