Latest Cybersecurity News and Articles
14 May 2026
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs
14 May 2026
The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains.
The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
14 May 2026
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX.
The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek.
14 May 2026
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed.
The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
14 May 2026
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).
The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse
14 May 2026
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week.
The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.
14 May 2026
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System.
The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.
14 May 2026
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks.
Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM
14 May 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
13 May 2026
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents.
The post Foxconn Confirms North American Factories Hit by Cyberattack appeared first on SecurityWeek.
13 May 2026
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws.
The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek.
13 May 2026
New “Sweet Attack” platform uses runtime intelligence and continuous agentic red teaming to identify exploitable attack chains human teams may miss.
The post Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’ appeared first on SecurityWeek.
13 May 2026
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview.
MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
13 May 2026
This webinar will help OT security teams and asset owners stop being cost centers and start being resilience drivers.
The post Webinar Today: ROI for Cyber-Physical Security Programs appeared first on SecurityWeek.
13 May 2026
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
13 May 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 13, 2026 – Watch the YouTube video The challenge Legion Security addresses is well-known: for more than two decades, SOC teams have struggled with overwhelming alert volumes and persistent staffing shortages, typically lacking between 26
The post Legion Security: Grow Your Own AI SOC appeared first on Cybercrime Magazine.
13 May 2026
The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps.
The post Government to Scrutinize Instructure Over Canvas Disruption, Data Breach appeared first on SecurityWeek.
13 May 2026
TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here.
Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them.
The real
13 May 2026
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed.
Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
13 May 2026
The telehealth platform was hacked in January, and users’ personal information was exfiltrated from its systems.
The post 716,000 Impacted by OpenLoop Health Data Breach appeared first on SecurityWeek.