Search

bleepingcomputer.com › news › security

Critical vm2 sandbox bug lets attackers execute code on hosts

…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…

May 6, 2026 · Bill Toulas

Top stories

theverge.com

Cybersecurity

1w ago

bleepingcomputer.com

OpenAI confirms security breach in TanStack supply chain attack

1w ago

techcrunch.com

US bank discloses security lapse after sharing customer data with AI app | TechCrunch

1w ago

bleepingcomputer.com

Signal adds security warnings for social engineering, phishing attacks

1w ago

theregister.com › software › 2026 › …

How JumpCloud unifies IT management to tame shadow AI

…scaffolding of AI adoption." Running before they can walk will cause shadow AI-related security and compliance incidents for 40 percent of enterprises  by 2030, says Gartner. Gaining that all-important visibility…

Mar 26, 2026 · Cath Everett

extremetech.com › internet

Unpatched Microsoft Defender Flaw Lets Hackers Gain Admin Access on Windows

…A security researcher who goes by the name Chaotic Eclipse discovered what they call the "RedSun" vulnerability just weeks after discovering, disclosing, and then leaking a Windows zero-day exploit that Microsoft…

Apr 21, 2026 · Devesh Beri

theregister.com › security › 2026 › …

Two different attackers poisoned popular open source tools

…According to security experts, the incidents demonstrate the future of supply-chain attacks. "We are seeing more and more developers targeted by this type of activity," Cisco Talos outreach lead Nick Biasini…

Apr 11, 2026 · Jessica Lyons

Discussions and forums

r/sysadmin · u/xendr0me · 1w ago

What a bunch of idiots... Canvas

https://www.reddit.com/r/canvas/comments/1taj9mk/instructure_just_confirmed_they_paid_the_ransom/ "We received assurances that it will not be further shared on the dark web or elsewhere, and we received proof that any co…

Hacker News · u/introvertmac · Dec 3, 2025

Tell HN: Compliance is not equal to Security

For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…

1 1

r/netsec · u/unknownhad · 2w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

r/netsec · u/technadu · 6h ago

Threat Intel: ShinyHunters Leaks 9.4GB Database of 7-Eleven Franchisee Systems Post-Extortion Refusal

Overview: On May 24, 2026, the data breach notification service Have I Been Pwned (HIBP) integrated a dataset originating from an April 2026 extortion campaign targeting 7-Eleven. The breach, attributed to the threat act…

r/selfhosted · u/ldkv · 1w ago

Accidentally exposed publicly my entire LAN for 2 weeks

Posting this as a PSA / confession because I almost had a heart attack last night and I figure if I got bit, someone else will too. TL;DR: Replaced pangolin + NPMplus with a double-Caddy + WireGuard setup. Put a "clever"…

techradar.com › pro

Summarization is not reasoning: How hybrid AI fixes failing AIOps

…Move beyond LLMs with hybrid AI Generative AI has transformed how teams interact with data, making it easier to summarize incidents, generate reports, and assist operators. But summarization is not the same…

May 4, 2026 · Casey Kindiger

wired.com › story

The Canvas Hack Is a New Kind of Ransomware Debacle

…In a running incident update log that began on May 1, Steve Proud, Instructure's chief information security officer, said that the company had “recently experienced a cybersecurity incident perpetrated by a…

May 8, 2026 · Lily Hay Newman

theregister.com › special-features › 2026 › …

1K+ cloud environments infected via Trivy attack

…creating a snowball effect," Reed said. "This isn't an isolated incident. It's a systemic campaign that requires security teams to take action and will likely continue to expand." According to…

Mar 24, 2026 · Jessica Lyons

techcrunch.com › 2026 › 05 › …

Scammers are abusing an internal Microsoft account to send spam links | TechCrunch

…Zack Whittaker Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security . He can be reached via encrypted message at zackwhittaker.1337 on…

May 21, 2026 · Zack Whittaker

semiwiki.com › job › software-engineer-121

Software Engineer - Semiwiki

…With an emphasis on security, reliability, automation, and operational excellence. Working closely with internal stakeholders and external customers, you’ll integrate complex systems, resolve technical challenges, and deliver robust, secure high-quality…

May 18, 2026 · Admin

fudzilla.com

IMF warns AI hackers could give finance a kicking – Fudzilla.com

…In-house benchmarks XeSS in Shadow of Tomb Raider Intel CEO Pat Gelsinger has announced… Reviews March 13, 2022 X-Sense Home Security Kit Review: Sound the alarm! This equipment claims to…

May 8, 2026 · Nick Farrell