12 News Items
THN · BleepingComputer · Krebs · Dark Reading · SANS
THN · BleepingComputer · Krebs · Dark Reading · SANS
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 20, 2026.
-
Max-severity flaw in ChromaDB for AI apps allows server hijacking
— Bleeping Computer
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary … -
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
— Dark Reading
Verizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, whil… -
Cybercrime service disrupted for abusing Microsoft platform to sign malware
— Bleeping Computer
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to gener… -
Windows Zero-Day Barrage Continues After Patch Tuesday
— Dark Reading
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks. -
Discord rolls out end-to-end encryption on voice, video calls
— Bleeping Computer
Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption … -
CISA Exposes Secrets, Credentials in 'Private' Repo
— Dark Reading
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA." -
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
— Dark Reading
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-… -
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
— Bleeping Computer
The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs… -
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
— The Hacker News
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users… -
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
— The Hacker News
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for loca… -
The New Phishing Click: How OAuth Consent Bypasses MFA
— The Hacker News
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 … -
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
— The Hacker News
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9…
Generated by HiveNet.ai Threat Intelligence Platform · May 20, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC