WantToCry Ransomware Abuses SMB Services to Remotely Encrypt Files
Overview A new ransomware strain dubbed WantToCry is targeting businesses by exploiting the Server Message Block (SMB) protocol — a core Windows file‑sharing service — […]
Month: May 2026
Microsoft Warns of New Defender Zero‑Days Exploited in Active Attacks
Overview Microsoft has confirmed that two zero‑day vulnerabilities in Microsoft Defender for Endpoint are being actively exploited in the wild. The company began rolling out emergency patches […]
Microsoft Shares Mitigation for YellowKey Windows Zero‑Day
Overview Microsoft has published mitigation guidance for YellowKey, a newly disclosed Windows BitLocker zero‑day vulnerability that allows attackers to gain access to encrypted drives. The flaw, […]
Fox Tempest — Malware‑Signing‑as‑a‑Service Exploits Microsoft Artifact Signing
Overview A financially motivated threat actor known as Fox Tempest has been operating a malware‑signing‑as‑a‑service (MSaaS) platform that abused Microsoft’s Artifact Signing infrastructure to generate trusted digital […]
GitHub Breach — Malicious VS Code Extension Compromises 3,800 Internal Repositories
Overview On May 20, 2026, GitHub confirmed a major internal breach involving approximately 3,800 private repositories. The incident was traced back to a malicious Visual Studio Code […]
SEPPmail Gateway Flaws — Critical RCE and Email Traffic Interception Risks
Overview Researchers have uncovered multiple critical vulnerabilities in the SEPPmail Secure Email Gateway, exposing organizations to remote code execution (RCE) and email traffic interception. These […]
Xneelo Faces Large‑Scale DDoS Attack — Lessons in Resilience for South African Hosting
Overview On May 19, 2026, South African hosting provider Xneelo reported a large‑scale distributed denial‑of‑service (DDoS) attack disrupting parts of its network infrastructure. The incident, ongoing for […]
SHub “Reaper” — macOS Infostealer Masquerading as Apple Security Update
Overview The SHub Reaper variant represents a dangerous evolution in macOS malware. By spoofing Apple security updates through AppleScript, it bypasses recent protections and tricks […]
Exchange XSS Exploit — Layer 7 Threat to Enterprise Networks
Overview CISA has issued a warning about CVE‑2026‑42897, a cross‑site scripting (XSS) vulnerability in Microsoft Exchange Server’s Outlook Web Access (OWA). Already added to the […]
Enterprise Patch Wave — Critical Fixes Across Ivanti, Fortinet, SAP, VMware & n8n
Overview A new wave of critical enterprise security patches has been released, addressing vulnerabilities across Ivanti, Fortinet, SAP, VMware, and n8n. These flaws range from […]