This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess.… Read More »ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on… Read More »Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically.… Read More »When Identity is the Attack Path
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of… Read More »9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure.… Read More »Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console… Read More »GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and… Read More »Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of… Read More »Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen,… Read More »Agent AI is Coming. Are You Ready?
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or… Read More »Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API